Re: RSA's SecurPC not-so-"Secur"


dontspam-tzeruch@ceddec.com
Mon, 1 Jun 1998 11:32:26 -0400


On Tue, 19 May 1998, William H. Geiger III wrote:

> In <199805190432.XAA18713@supra.rsch.comm.mot.com>, on 05/18/98
> at 11:32 PM, "Loren J. Rittle" <rittle@supra.rsch.comm.mot.com> said:
>
> >>> I never said anything about intermediate; I'm saying there are cleartext
> >>> data remnants all OVER the place from applications and the paging that
> >>> has occurred during their use; these extents are essentially randomly
> >>> placed and could contain anything from any time, although with the
> >>> probability of finding any specific piece of data tending to 0 as time
> >>> passes.
>
> >> Yes and this is a big problem.
>
> >Good grief! With how cheap RAM is these days, why is anyone still
> >configuring a secure system with swap-to-disk enabled?
>
> Obviously you haven't noticed what a pig winblows software is (I think
> they are writing everything in VB <g>.) Average desktop is running
> 32-64Mb. You can not operate win95/winNT with the standard complement of
> apps without a swapfile on such a system.

Worse, NT (the "more secure" version) will swap out things just for the
fun of it. Running only explorer (the "filemanager" version) and netscape
caused it to tell me my 43 Mb swap file on my 32 Mb machine was too small
and that I needed to close some applications. It was swapping things out
- right-clicking an icon after 5 minutes of inactivity resulted in lots of
disk noises and after about 5 seconds the menu popped up (and I had done
this lots of times before).

If you don't create a swapfile you will get a stop dialog telling you that
you are short on memory (this happened under just explorer/filemanager
with 64Mb). NT all but demands you create a swapfile.

(and do the secure filesystems work with NT?)

However, I have been working with WinRT from www.bluewatersystems.com,
which allows low-level access to hardware, so you could theoretically use
a chunk of memory on a PCI card, but it made me think of something else.

What might work is to create a small DMA buffer. DMA buffers aren't
swapped. The problem might be getting the OS not to splatter the
passphrase in 30 places before storing it there (or even the hashed or
otherwise processed passphrase).



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:19 ADT