Re: RSA's SecurPC not-so-"Secur"

Martin G. Diehl (mdiehl@nac.net)
Sat, 16 May 1998 15:05:23 -0400

• Next message: William H. Geiger III: "Re: Certified e-mail"
• Previous message: William H. Geiger III: "Re: RSA's SecurPC not-so-"Secur""
• In reply to: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Martin G. Diehl: "Re: RSA's SecurPC not-so-"Secur""

Vin McLellan <vin@shore.net> wrote:
>
> William H. Geiger III <whgiii@invweb.net> asked:
>
> >> Has anyone actually *confirmed* that this is a swapfile problem
> >> or some other mechanism at work causing the passphrase going to
> >> disk?
>
> Jing Lee <Jing@rsa.com> responded:
>
> |> The one and only one instance of the newly changed password was
> |> found in the disk sector allocated for swap file in my machine.
>
> Jing is the RSA engineer who codes for SecurPC. Given his
> personal and vocational interest, I suggest his evaluation of the
> scope of this problem is well informed.
>
> <geeman@best.com> suggested another worst-case senario:
>
> >What's amusing about this is that not only is the passphrase or
> >whatnot out there on the drive because of swapping, but, hmmmm...
> >wonder what **DATA** is out there that you wish/thought/imagined
> >you encrypted?
>
> Data, I think you'll find, is covered, even on swap ;-]
> (Jing, please feel free to correct me on details.) SecurPC uses
> RSA's Fastcrypt library -- which was used for years for RSADSI's
> internal records, btw, before someone thought to add a GUI and
> market it. There seems to be no chance that the intermediate
> plain-text would get swapped out. First of all, because the memory
> is being actively used (so it doesn't get swapped out by Windows or
> other OS's during an encryption operation.) Secondly, as SecurPC is
> implemented, the plain-text buffer is overwritten by the encrypted
> data -- so if the memory gets swapped out after the encryption is
> complete, Windows will only toss slices of the encrypted data to
> the hard disk.
>
> Suerte,
>
> _Vin

Virtual memory swapping occurs based on memory utilization,
processor utilization, and interactions between competing
tasks on that computer. It has many characteristics that
suggest that we consider it as a "random" (YES, I know its
not random enough in the crypto sense) activity. Stated an
other way, random events have a chance or probability to
occur.

Therefore, we should not say, "There seems to be no chance
that the intermediate plain-text would get swapped out."
Instead, we should say that there is a chance that clear data
would be swapped out with p < 0.???, and be prepared to
calculate the value for p. Having calculated a value, we
then must decide if that chance is too risky. We must
consider not only our use as developers but also the crypto
user's needs and risks.

OTOH, [Windows 95 only] if (starting at the W95 desktop) you
right click "My computer" and then, in succession, click
Properties, Performance, Virtual Memory, and choose to set
the virtual memory to 0 (specifically allowed as noted in
the Help for that window), then and only then, could you say
that swapping does not occur. Cautions: (1) reboot required
before and after, (2) you will need a lot of real memory
installed. How much memory? That might be an example on an
unshared secret. <g>

-- 
Martin G. Diehl
I am what I am.  All opinions expressed within are strictly my own.
If Ziggy says "Time is what keeps everything from happening at once",
and Newton teaches that Gravity brings all matter together, could we
say that Time and Gravity have an antagonistic relationship?

• Next message: William H. Geiger III: "Re: Certified e-mail"
• Previous message: William H. Geiger III: "Re: RSA's SecurPC not-so-"Secur""
• In reply to: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Martin G. Diehl: "Re: RSA's SecurPC not-so-"Secur""