Re: RSA's SecurPC not-so-"Secur"

Martin G. Diehl (mdiehl@nac.net)
Mon, 18 May 1998 07:04:29 -0400

• Next message: Julian Assange: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: Martin G. Diehl: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Kriston J. Rehberg: "Re: RSA's SecurPC not-so-"Secur""

Vin McLellan wrote:
>
> William H. Geiger III <whgiii@invweb.net> asked:
>
> >> Has anyone actually *confirmed* that this is a swapfile problem
> >> or some other mechanism at work causing the passphrase going to
> >> disk?
>
> Jing Lee <Jing@rsa.com> responded:
>
> |> The one and only one instance of the newly changed password was
> |> found in the disk sector allocated for swap file in my machine.
>
> Jing is the RSA engineer who codes for SecurPC. Given his
> personal and vocational interest, I suggest his evaluation of the
> scope of this problem is well informed.
>
> <geeman@best.com> suggested another worst-case senario:
>
> >What's amusing about this is that not only is the passphrase or
> >whatnot out there on the drive because of swapping, but, hmmmm...
> >wonder what **DATA** is out there that you wish/thought/imagined
> you encrypted?
>
> Data, I think you'll find, is covered, even on swap ;-]
> (Jing, please feel free to correct me on details.)

[snip]

>There seems to be no chance that the intermediate
> plain-text would get swapped out. First of all, because the memory
> is being actively used (so it doesn't get swapped out by Windows
> or other OS's during an encryption operation.) Secondly, as
> SecurPC is implemented, the plain-text buffer is overwritten by
> the encrypted data -- so if the memory gets swapped out after the
> encryption is complete, Windows will only toss slices of the
> encrypted data to the hard disk.

That's nice. OTOH, an encrypted message, which has been
unencrypted to clear text would _not_ have the protection of
being in heavily used pages after the decoding is finished.

-- 
Martin G. Diehl
I am what I am.  All opinions expressed within are strictly my own.
If Ziggy says "Time is what keeps everything from happening at once",
and Newton teaches that Gravity brings all matter together, could we
say that Time and Gravity have an antagonistic relationship?

• Next message: Julian Assange: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: Martin G. Diehl: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Kriston J. Rehberg: "Re: RSA's SecurPC not-so-"Secur""