Implications of using insecure memory

David Shaw dshaw at jabberwocky.com
Tue Oct 5 22:28:41 CEST 2004


On Mon, Oct 04, 2004 at 02:53:05PM -0700, Chris De Young wrote:
> > it's not that gpg isn't secure on windoze; it's that *nothing* can be made 
> > secure in windoze.
> > 
> > if you have a need to use pgp, GnuPG is great, but like any application it 
> > can't overcome deficiencies in the OS. use what you need to use, but if 
> > security (and/or reliability) is non-trivial you'll need to start using 
> > *nix or maybe mac-os.
> 
> One thing to note in passing is that most of this worry applies to
> cases where other people besides you also have access to your windows
> box.  If the box itself is physically secure and you're mostly worried
> about making sure the data is encrypted before it leaves the box, then
> running GnuPG on Windows should be just fine.
> 
> Be aware that you still need to be a reasonably attentive Windows
> admin though, and protect the box from network-borne compromises; if
> a remote user can use a particular exploit to run their own code on
> your box without your permission then they can still exploit the
> problems discussed in this thread.
> 
> It's up to you to decide what the cost of such a compromise might be
> compared with the cost of preventing it.  For me, I don't think it's
> frankly much of a worry, but that's something you have to decide.

Exactly.  This is a very important point, but frequently lost in the
discussion about secure memory in general, and Windows in particular.

Sure, secure memory/running on a secure OS/inside a Faraday
cage/disconnected from the network/etc is potentially safer, but it
would be foolish to let the lack of these things stop you from using
encryption at all.  Just understand the limitations of what you are
doing.  There is a lot of benefit that can be derived from encryption,
even if you are doing it on Windows.

David


