Re: RSA's SecurPC not-so-"Secur"

William H. Geiger III (whgiii@invweb.net)
Sat, 16 May 98 13:56:52 -0500

• Next message: Martin G. Diehl: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: Ben Cox: "Re: Certified e-mail"
• In reply to: Bruce Schneier: "Certified e-mail"
• Next in thread: Loren J. Rittle: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Loren J. Rittle: "Re: RSA's SecurPC not-so-"Secur""

-----BEGIN PGP SIGNED MESSAGE-----

In <3.0.32.19980516102520.0072d07c@shell15.ba.best.com>, on 05/16/98
   at 10:26 AM, geeman@best.com said:

>I never said anything about intermediate; I'm saying there are cleartext
>data remnants all OVER the place from applications and the paging that
>has occurred during their use; these extents are essentially randomly
>placed and could contain anything from any time, altho with the
>probability of finding any specific piece of data tending to 0 as time
>passes.

Yes and this is a big problem.

I am looking at writting a device driver to create a block of shared
non-swappable memory and then have a "secure" text editor that makes use
of it. This will prevent the plain text from getting swapped out before
the encryption is done.

I am also playing around with putting the swap-file on an encrypted disk
but I don't know how much of a performance hit the system will take (seems
a bit of a waste as 99% of the data in the swapfile doesn't need to be
encrypted).

Another solution would be to wipe the swapfile at system shutdown. For
this to work one would need to disable the dynamic allocation of the
swapfile to prevent it from changing size (unless one just wanted to wipe
all the free space on the HD which would be rather time consumming).

Unfortunatly most people keep the swapfile on the boot partition which
makes things more complicated.

- --
- ---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
- ---------------------------------------------------------------
 
Tag-O-Matic: OS/2: Windows done RIGHT!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNV3kcY9Co1n+aLhhAQFQgQP6AwEYkJotB1tJPH3nuwW2y7Gx9q2WyWVi
+q7RCdwiYiG0U4xQAnwCfMc5XrLE66ma5Y1HzuNAPoN9xqwIL+1ZOuFSo0ht+447
YJIOna+YnkS7vLqgPn3J5H/zM0T+rduA3sdewCPPKbHsI1v43Ya/9qauEic4fT/o
AfiV17sgdLw=
=YfTh
-----END PGP SIGNATURE-----

• Next message: Martin G. Diehl: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: Ben Cox: "Re: Certified e-mail"
• In reply to: Bruce Schneier: "Certified e-mail"
• Next in thread: Loren J. Rittle: "Re: RSA's SecurPC not-so-"Secur""
• Reply: Loren J. Rittle: "Re: RSA's SecurPC not-so-"Secur""