Bug: sensitive data written to insecure memory

Oleg Smolsky small at clear.net.nz
Thu Apr 5 11:41:15 CEST 2001


On Wed, 4 Apr 2001, Werner Koch <wk at gnupg.org> wrote:

> Given all the problems with the "secure memory" handling, the extra
> complexity of the code, the problem of hibernation ("suspend to
> disk"), the unavailability of "secure memory" under Windoze and many
> other systems, we might come to the conclusion that this design
> issue was an error and we should better rely on the OS to protect
> the swap space.

Actually, it's really easy to lock a set of pages in memory if you are
running on the NT branch. Here are the user mode functions that are
relevant:
VirtualAlloc() and VirtualFree()
VirtualLock() and VirtualUnlock()

As for the 9x branch, the only solution I can think of is the PGP one:
-- install a dummy kernel mode driver
-- allocate a set of pages from a non-paged pool
-- recalculate the addresses in the MDLs and pass them to the user
   level app

As for the hibernation... I don't really know... I suppose we could
encrypt the contents of those pages just before we "OK" going into
that mode...

Best regards,
Oleg.
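An added illustration of the NT-branch approach named in the message, not code from the message or from GnuPG: a small page-locked secret buffer in C built on VirtualAlloc()/VirtualLock() and VirtualFree()/VirtualUnlock(), with mmap()/mlock() as the POSIX equivalent so the same file builds on other systems. The secbuf_* names are my own; the locked flag is there because the OS may refuse the lock (for example a zero RLIMIT_MEMLOCK), and a caller must treat an unlocked buffer as one that can still reach swap.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

/* base: page-aligned region; len: rounded up to whole pages; locked: 1 if the OS granted the lock. */
typedef struct { void *base; size_t len; int locked; } secbuf_t;

static size_t round_to_pages(size_t n, size_t ps) { return (n + ps - 1) / ps * ps; }

/* Allocate whole pages and ask the OS to keep them out of the pagefile/swap.
 * Returns 0 on success; b->locked reports whether the lock was actually granted. */
int secbuf_alloc(secbuf_t *b, size_t size) {
    memset(b, 0, sizeof *b);
    if (size == 0) return -1;
#ifdef _WIN32
    SYSTEM_INFO si; GetSystemInfo(&si);
    b->len = round_to_pages(size, si.dwPageSize);
    b->base = VirtualAlloc(NULL, b->len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!b->base) return -1;
    b->locked = VirtualLock(b->base, b->len) ? 1 : 0;
#else
    b->len = round_to_pages(size, (size_t)sysconf(_SC_PAGESIZE));
    b->base = mmap(NULL, b->len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->base == MAP_FAILED) { b->base = NULL; return -1; }
    b->locked = (mlock(b->base, b->len) == 0) ? 1 : 0;
#endif
    return 0;
}

/* Wipe with volatile stores (not a droppable dead store), then unlock and release. */
int secbuf_free(secbuf_t *b) {
    if (!b->base) return -1;
    volatile unsigned char *v = (volatile unsigned char *)b->base;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    int rc = 0;
#ifdef _WIN32
    if (b->locked && !VirtualUnlock(b->base, b->len)) rc = -1;
    if (!VirtualFree(b->base, 0, MEM_RELEASE)) rc = -1;
#else
    if (b->locked && munlock(b->base, b->len) != 0) rc = -1;
    if (munmap(b->base, b->len) != 0) rc = -1;
#endif
    memset(b, 0, sizeof *b);   /* leave no dangling pointer to the wiped region */
    return rc;
}
```

The wipe-before-release step matters as much as the lock: an unlocked-then-freed page that still holds the passphrase can be handed to another allocation or, after unlock, to the pager.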
