Re: RSA's SecurPC not-so-"Secur"

Peter Gutmann (pgut001@cs.auckland.ac.nz)
Tue, 19 May 1998 12:51:06 (NZST)

• Next message: Bruce Schneier: "Re: Another Test on RSA Keys"
• Previous message: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Maybe in reply to: staym@accessdata.com: "RSA's SecurPC not-so-"Secur""
• Next in thread: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""

>The primary drawback of the solutions you mention is that these file system
>add-ons are 16-bit, requiring Windows to page via MS-DOS. This would seem to
>have substantial performance implications, at least in theory. Or are there
>native 32bit versions available now?
 
As I mentioned in my previous message, switching from a permanent to a
temporary swapfile has almost no effect at the MSDOS level, will often speed up
access at the BIOS level, and in any case is insignificant compared to the
overhead of encryption. If you believed MS's propaganda when Win3.11 was
released, the move to VxD's for file I/O made a major difference, this may have
made some difference back in the days of 40MB single-sector-read mode 0 I/O IDE
drives, but with fast EIDE drives and BIOSes which supported enhanced access
modes (which Win3.x's primitive WD1003-compatible driver doesn't know about),
going via the BIOS will be much faster than Windows anyway, and the extra
overhead of a switch out of protected mode gets lost. DOS/Win16 users may
remember the multisector IDE drivers which came out when the first IDE drives
with multisector read/write capabilities appeared, these real-mode 16-bit
drivers were significantly faster than the protected-mode 32-bit drivers used
in Windows. Newer BIOSes provide the same enhanced capabilities of these
drivers and more (for example the so-called Mode 1-4 fast access modes (which
just speed up the I/O timing) and DMA modes), while Win3.x is still using the
drive as if it were an early-80's vintage MFM drive. Since SFS uses the
enhanced BIOS disk access, if you strip out the encryption overhead it's likely
that using the Windows drivers (with any recent hardware) would result in a net
performance loss rather than any gain.
 
Win95 has drivers which take advantage of the enhanced capabilities of newer
drives, so this doesn't hold true any more for that. However from feedback
I've had from users any performance difference is negligible.
 
Peter.
 

• Next message: Bruce Schneier: "Re: Another Test on RSA Keys"
• Previous message: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Maybe in reply to: staym@accessdata.com: "RSA's SecurPC not-so-"Secur""
• Next in thread: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""