Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:26 ADT
Camillo Särs (Camillo.Sars@DataFellows.com)
Mon, 18 May 1998 10:31:27 +0300
Hello,
I'm not on the CodherPlunks list, but I got this message forwarded to my by a
friendly colleague.
Rich Casto wrote:
> Does anyone know if DataFellow's F-Secure Desktop has a similar
> problem?
We took this problem into account when designing F-Secure Desktop. The
issue here is that there is no way to lock pages into memory in Windows
95. The function calls are there, but they are documented to do nothing
and always return success. This means that the only reasonable way to keep
pages in memory is to have them in the working set, and not even that will
always guarantee success.
F-Secure Desktop *always* prompts for the passphrase before performing an
operation. The reason is simple - the passphrase is not kept in memory
between invocations. Neither is the key. Users do find this irritating,
but it's a compromise between security and usability.
BTW; actually keeping an encryption key in memory is slightly less risky.
The reason being that an encryption key is pure random data. It's much
harder to locate a key in a swap file than it is to locate a passphrase.
Nevertheless, we zero out the key memory immediately after the key has been
used.
Regards,
Camillo
PS. Similar issues arise when wiping disk sectors, i.e. an incorrect
implementation might not actually wipe every sector. We made sure we did
that correctly, as well.
-- Camillo Särs <Camillo.Sars@DataFellows.com> Data Fellows Ltd. http://www.Europe.DataFellows.com/ Aim for the impossible and you http://www.iki.fi/ged will achieve the improbable
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:26 ADT