[Cryptography] Construction of cryptographic software.

Bill Stewart billstewart at pobox.com
Thu Dec 4 22:18:35 EST 2014


>Anton Titov (at Wednesday, December 3, 2014, 10:28:43 AM):
> > Are you aware of any OS that will pass free-d pages to another program
> > without zeroing them out first?

At 09:14 AM 12/3/2014, Krisztián Pintér wrote:
>short answer: no
>long answer: win95 family did
>
>however, a similar issue is paging. and windows happily writes
>anything into the page file, and leaves it there indefinitely.
>hybernation works in a similar manner.

What, nobody's still using RSTS-11?
The version of BASIC that ran on it (which IIRC was DEC Extended BASIC-Plus)
let you DIMENSION a virtual-memory array, which 
was stored on disk instead of in core,
and it didn't zero it first, so you could 
retrieve random blocks of leftover storage,
and the enterprising high school student might find things of interest after
discarding binary stuff and just looking at text.  In some cases, even
previous versions of the (unencrypted) password file might show up,
and most of the passwords might still be current.

When I ran into the Orange Book a decade or so later, I thought some parts
might be overkill, but the 
always-free-before-reallocating parts?  I believed them.



More information about the cryptography mailing list