Re: RSA's SecurPC not-so-"Secur"

New Message Reply About this list Date view Thread view Subject view Author view

bram (bram@gawth.com)
Mon, 18 May 1998 12:01:33 -0700 (PDT)


On Mon, 18 May 1998, Kriston J. Rehberg wrote:

> Anyway, whether it is swapped out should be of some concern in a
> single-user Windows system, however I believe much can be gained by
> having your system automatically wipe the swap file on system
> shutdown. I remember a program that used to do this for Windows 3.1
> and you can probably find many of these for Windows 95.

I think there are a couple different issues here -

Information on one's hard drive can be read by unplugging the hard drive
and plugging it into another machine. The only real way to fix this is to
encrypt the entire hard drive. Sensitive information getting breached
isn't the same level of security violation as one's key getting stolen
though.

The swap file might contain keys which are only supposed to be accesible
by one process. I think the real way to fix this problem is to make the
swap file only readable by root, and have most things not run as root.
This is unfortunately unworkable for windows, but I don't know about UNIX.

Even with the above precautions, one still might not want to let keys get
swapped. In that case, all the encrypted swap/no swap trickery people have
been discussing applies. The hardcore way of doing this, of course, would
be to use a dongle. It certainly would be nice to not have to worry about
keys getting stolen even if system root got violated.

-Bram


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:27 ADT