Implications of using insecure memory
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon Oct 4 20:27:56 CEST 2004
shatadal at vfemail.net wrote:
> Another poster also talked about getting rid of Windows. However I do need to
> run Windows from time to time. Also I do not have root access on my Linux
> machine (it is used at work). So does that mean that gpg is not for me? Or is
> there anything available which could erase the swap space anytime I want? I
> just looked around in the M$ knowledgebase and it has a workaround to clear the
> pagefile at shutdown. Is that a useful compromise?

For a Linux box, you can ask your sysadmin to install gpg with the setuid bit set.

For Windows and erasing the swap space, it depends on what it actually
does (I'm not a Windows expert). If the file is simply "deleted" from
the disk and recreated on next boot, nope, it is not sufficient (blocks
where the data is will be unallocated, but data on them will be intact
until something else writes to that part of the disk). On the other
hand, if it overwrites the content of the swap file with zeros (or does
something similar), then you are kinda safe. It won't stop an intelligence
agency from recovering the data (see my previous reply), but it will
stop almost anybody else. So, unless somebody can make millions $$$ out
of your data, most likely nobody will bother to recover it.

If after setting that registry setting the time to shut down the machine
becomes much longer, then it is most likely doing the right thing. Although,
while the machine is running, anything with access to the swap file can read
information from it. So it is not an ideal solution. It is kind of in the
middle.

If the shutdown time stays almost the same, then it is simply removing the
file (marking the file as deleted), which does not give you any more
security. In that case setting that registry entry is pointless.

--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
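
The following is an added example, not part of the original post and not GnuPG's own code. It shows the mechanism behind the setuid advice: a program keeps a secret out of swap by pinning its pages with mlock(), which on a system that restricts locking to privileged processes fails and leaves the memory "insecure". The struct and function names are hypothetical, and Linux with glibc is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct secret_buf {
    unsigned char *p;  /* page-aligned storage */
    size_t len;        /* length, rounded up to whole pages */
    int locked;        /* 1 if mlock() succeeded, 0 if pages may be swapped out */
};

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate whole pages and try to pin them in RAM. Returns 0 on success. */
static int secret_alloc(struct secret_buf *b, size_t want) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    b->len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    b->p = aligned_alloc((size_t)pg, b->len);
    if (!b->p) return -1;
    b->locked = (mlock(b->p, b->len) == 0);
    if (!b->locked)  /* typically EPERM or ENOMEM: no privilege or limit too low */
        fprintf(stderr, "warning: mlock: %s; secret may reach swap\n", strerror(errno));
    return 0;
}

/* Wipe before releasing, so freed pages never hold the secret. */
static void secret_free(struct secret_buf *b) {
    if (!b->p) return;
    wipe(b->p, b->len);
    if (b->locked) munlock(b->p, b->len);
    free(b->p);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void) {
    static const char demo[] = "constructed sample passphrase";
    struct secret_buf b;
    if (secret_alloc(&b, sizeof demo) != 0) return 1;
    memcpy(b.p, demo, sizeof demo);
    printf("locked in RAM: %s\n", b.locked ? "yes" : "no (insecure memory)");
    secret_free(&b);
    return 0;
}
```

Locking only keeps the buffer out of swap while the process runs; it does nothing for copies already written to a swap file, which is the case the overwrite-at-shutdown discussion above covers.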