Re: RSA's SecurPC not-so-"Secur"

Mark Rosen (mrosen@peganet.com)
Sat, 9 May 1998 15:41:17 -0400

• Next message: Peter Gutmann: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: Robin Lee Powell: "Re: RSA's SecurPC not-so-"Secur""
• In reply to: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Peter Gutmann: "Re: RSA's SecurPC not-so-"Secur""

>It's possible that the fragment is from some paging activity?
>

    It depends on what version of Windows was being used to test the
product, and how many precautions the developers took against data leakage.
    Windows NT supports the VirtualLock and VirtualUnlock functions, which
prevent data from being swapped out to disk. Unfortunately, Windows 95
(don't know about Windows 98, but I doubt it) does not implement this
functionality. Of course, the RSA should also have overwritten any memory
that was used to store sensitive data several times with 0s, 1s, random
data, and its complement.

    Small plug: my product, Kremlin, *does* use the VirtualLock/Unlock
functions, and it includes a comprehensive set of features to plug up
Windows (wipe free disk space, wipe ram/swapfile, etc.).

- Mark Rosen
http://www.mach5.com/

• Next message: Peter Gutmann: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: Robin Lee Powell: "Re: RSA's SecurPC not-so-"Secur""
• In reply to: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Peter Gutmann: "Re: RSA's SecurPC not-so-"Secur""