Re: Locking physical memory (RAM) under Windows


Peter Gutmann (pgut001@cs.auckland.ac.nz)
Sun, 28 Jun 1998 23:33:19 (NZST)


>Will the CryptLib library benefit from the drivers above, or is the library
>well protected (under Windows) in this respect ?
 
Every crypto application will benefit, since there's currently no way to
ensure that sensitive data stored in memory on a Windows machine really will
stay in memory at all times (rather than being paged to disk).
 
>Although (for e.g.) I can encrypt the contents of a control, there is every
>possibility for the original plain-text to be written to a swapfile, while
>keys, key-states, and random seed pool data are otherwise carefully protected.
>As these controls naturally undermine cryptographic security, I am wondering
>if the development of drivers which reliably lock data in memory may offer a
>way around this ?
 
There's no easy way to block this problem. Not only can data be accidentally
swapped, but it's also fairly easy to grab text from password entry dialogs
and other controls, even under the supposedly secure NT (there are several
stealth loggers available which do this). The only way to get around this
would be for someone to create a custom text control built from scratch which
works at a very low level and which handles things properly, but that'd be a
real pain to write. Any volunteers?
 
[An alternative is to use the method I use with SFS, where a real-mode DOS
 driver reads your password using direct keyboard hardware access before
 Windows can get in the way. This doesn't really work for general Windows
 apps though]
 
>As a more general question, if you (or anyone) knows of any secure Windows
>controls (or is that an unreconcilable contradiction ), then I would be most
>interested to learn of them.
 
Anyone want to write one of these? It'd be a great help to have a secure form
of the standard text entry control, since the standard Windows ones are
probably the weakest link in current Windows-based security software. You
don't need any really fancy features, just something which grabs keyboard
input and recognises and handles the basic context-switching sequences.
 
Peter.
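
[Added example, not part of the original message and not cryptlib or SFS code: a C routine for the paging concern discussed above, which places a secret in its own whole pages, asks the OS to keep them resident with VirtualLock (Windows) or mlock (POSIX), and wipes them before release. The secret_buf type and secret_* function names are hypothetical; the OS can refuse a lock request, so the outcome is reported in the locked field rather than assumed.]

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif
typedef struct { unsigned char *p; size_t len; int locked; } secret_buf;
/* Added example; secret_* names are hypothetical. Allocates whole pages and requests a lock. */
secret_buf secret_alloc(size_t want) {
    secret_buf b = {NULL, 0, 0};
    if (want == 0) return b;
#ifdef _WIN32
    SYSTEM_INFO si; GetSystemInfo(&si);
    size_t page = si.dwPageSize, len = (want + page - 1) / page * page;
    b.p = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (b.p) b.locked = (VirtualLock(b.p, len) != 0);
#else
    size_t page = (size_t)sysconf(_SC_PAGESIZE), len = (want + page - 1) / page * page;
    b.p = aligned_alloc(page, len);           /* page-aligned, so no other data shares the pages */
    if (b.p) b.locked = (mlock(b.p, len) == 0);
#endif
    if (b.p) b.len = len;
    return b;
}
/* Zero the buffer through a volatile pointer so the stores cannot be dropped as dead. */
void secret_wipe(secret_buf *b) {
    volatile unsigned char *v = b->p;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}
/* Wipe first, then unlock and release, so no secret bytes outlive the lock. */
void secret_free(secret_buf *b) {
    if (!b->p) return;
    secret_wipe(b);
#ifdef _WIN32
    if (b->locked) VirtualUnlock(b->p, b->len);
    VirtualFree(b->p, 0, MEM_RELEASE);
#else
    if (b->locked) munlock(b->p, b->len);
    free(b->p);
#endif
    b->p = NULL; b->len = 0; b->locked = 0;
}
int main(void) {
    secret_buf k = secret_alloc(32);          /* room for a 256-bit key */
    if (!k.p) return 1;
    if (!k.locked) fputs("lock refused: buffer is pageable\n", stderr);
    memset(k.p, 0xA5, 32);                    /* constructed stand-in for key material */
    secret_free(&k); return 0;
}
```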
 



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:09 ADT