GPG random data gathering
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Apr 7 13:22:09 CEST 2004
Werner Koch <wk at gnupg.org> writes:
>On Wed, 07 Apr 2004 02:45:01 -0500, J Vender said:
>>Does GnuPG lock the memory where the passphrase is stored, like PGP does?
>
>It does thi on systems wehere it is possible It is not possible under Windows
>without installing a special driver to support unswappable memory - there
>exists no such free driver. All Windows functions claiming to lock the
>memory don't do what you would expect them to do.
Actually there's a lot of confusion about VirtualLock, with contradicting
claims about what it really does. After I did my analysis of it (and
unfortunately too late to make it into the book), an MS security person had a
close look at it and was unable to get VirtualLock()'ed memory paged out no
matter what he did. He also checked with someone who had worked on
VirtualLock who said that it did indeed prevent the memory from being paged.
The problem is that there have been instances in the past where an MS
developer has believed that his code did X when in fact it did Y, since there
have been reports from other sources that it does result in data being paged
my best guess is that it did this under NT and perhaps early Win2K, but has
been changed in newer Win2K and XP. It may also be that since VirtualLock()
has per-page granularity, some of the people who reported data being swapped
experienced this because they'd VirtualUnlock()'ed adjacent data on the same
page. My code goes to some lengths to ensure that it never VirtualUnlock()'s
anything on the same page, although if your keys happen to share a page with
data that something else VirtualUnlock()'s then that guarantee is gone. To in
turn get around *that*, you can use VirtualAlloc() in place of malloc(),
specifying memory blocks in 4K increments. This kinda wastes memory (and
means you have to do additional work to handle thread-safety), but it does
mean you can completely control the memory you're getting.
You can also get nonpageable memory using AWE (Address Windowing Extensions),
but the interface to that is clunky to say the least.
Peter.
More information about the Gnupg-devel
mailing list