Passwords can sit on disk for years

Jerrold Leichter jerrold.leichter at smarts.com
Tue Jun 8 11:35:46 EDT 2004


| >Tal Garfinkel (related to Simpson?) is a Stanford PHD student who has put
| >together a working model for tracking tainted data stored in RAM in various
| >popular applications.
|
| Hmm, one part of the article isn't quite accurate:
|
|   Operating systems such as Windows and Linux have no facility for stopping
|   data being written to the hard drive.
|
| Both Unix and Windows support this.  Under Unix only the superuser can use it
| and it isn't supported by all Unix variants, but under Windows (at least the
| NT branch), anyone can call VirtualLock(), and (at least under Win2K and
| later) as far as anyone can tell it'll prevent data from being swapped (note
| all the caveats and weasel-words there :-).  There's a bit of confusion
| surrounding this issue, but it should be OK at least with Win2K and XP).
... until you hibernate your laptop, at which point all of memory gets written
to disk.

Or until the program gets run under a virtual machine, and the entire VM gets
swapped out.

Or ...

I agree that locking pages containing sensitive data into memory is prudent,
but Garfinkel's point is well taken:  The model of memory presented by existing
general-purpose OS's is just too complex for anyone to understand the security
implications.  OS support for "red pages" - whatever exactly that should mean -
would be a useful thing.  (Even then, the VMM scenario is complex to handle.
Really, a "red page" needs to be "red" all the way through all levels of
virtualization.  Very low level, or even hardware, support might even prove
useful - e.g., if for whatever reason the data in the physical page frame
needs to be copied (after a soft ECC error?), zero the previous page frame.)

							-- Jerry
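The Unix-side facility the quoted message refers to is mlock(); the following is an added example (not from the thread or any of its participants) of how a defender would wrap it: pin a key buffer so it is not swapped, keep it out of Linux core dumps, and wipe it before it is unlocked and freed. The names (secret_buf, secret_alloc, secret_wipe, secret_is_zero, secret_free) are assumed for illustration, and the code assumes a POSIX system where an unprivileged mlock() may be refused, which it reports rather than hides; the hibernation and swapped-VM cases raised above are beyond what any of this can prevent.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE  /* expose mlock/madvise/posix_memalign under strict -std */
#endif
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

/* Key-material buffer pinned with mlock() and, on Linux, kept out of core
 * dumps. A hibernation image or a swapped-out VM still captures it. */
struct secret_buf {
    unsigned char *p;
    size_t len, mapped;  /* bytes requested / bytes reserved (whole pages) */
    int locked;          /* 1 if mlock() succeeded, 0 if the kernel refused */
};

/* Volatile stores so the compiler cannot drop the zeroing as dead code, as it may a plain memset() before free(). */
void secret_wipe(struct secret_buf *sb)
{
    volatile unsigned char *q = sb->p;
    for (size_t n = sb->mapped; n; n--) *q++ = 0;
}
/* 1 if every payload byte is zero, so a caller can verify a wipe took. */
int secret_is_zero(const struct secret_buf *sb)
{
    for (size_t i = 0; i < sb->len; i++) if (sb->p[i]) return 0;
    return 1;
}
/* NULL only on allocation failure; a refused mlock() is reported in sb->locked. */
struct secret_buf *secret_alloc(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    struct secret_buf *sb = calloc(1, sizeof *sb);
    if (!sb) return NULL;
    sb->len = len;
    sb->mapped = (len + page - 1) / page * page;
    if (posix_memalign((void **)&sb->p, page, sb->mapped)) { free(sb); return NULL; }
    sb->locked = (mlock(sb->p, sb->mapped) == 0);
#ifdef MADV_DONTDUMP
    madvise(sb->p, sb->mapped, MADV_DONTDUMP);  /* Linux: exclude from core files */
#endif
    secret_wipe(sb);  /* hand back a clean page, never heap leftovers */
    return sb;
}
/* Wipe before unlocking; an unlocked page still holding the key could be swapped out before free(). */
void secret_free(struct secret_buf *sb)
{
    secret_wipe(sb);
    if (sb->locked) munlock(sb->p, sb->mapped);
    free(sb->p); free(sb);
}
```

Whether mlock() was actually granted is visible in sb->locked, so a caller that must not run unpinned can refuse to proceed instead of silently falling back.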

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com