List:       ms-cryptoapi
Subject:    Re: VirtualLock =?= VirtualAlloc
From:       Jim Adler <jadler () SOUNDCODE ! COM>
Date:       1998-12-08 5:04:03

I wouldn't trust any of the Windows memory management APIs that promise to
lock memory.  Typically, they're hints to the OS that can be overridden
under certain, high load, circumstances.

We've written SCNSM 1.0 Beta, a non-swappable memory device driver for
Windows 3.x/95/98.  It is available for free and can be downloaded from

http://soundcode.com/content/download/products/scnsm/default.htm (docs)
http://soundcode.com/content/download/products/scnsm/scnsm10b.zip (source)

The SCNSM driver supports allocation of non-swappable memory on Windows
3.x/95/98. The principal design goal of SCNSM is to provide memory that will
not be swapped to disk, under any circumstances. Typically, security
applications require such memory to store private keys, passwords, and
sensitive intermediate results of cryptographic calculations.

SCNSM uses the same technique as allocating DMA buffers for hardware device
transfers.  The idea being that Windows doesn't swap DMA buffers and
therefore won't swap this buffer either.

The SCNSM source-code is copyrighted freeware.  The intent here is to end
the perennial nuisance of having sensitive security data swapped to disk
which undermines the public's confidence in commercial security products.
Please send any questions or bugs to me or support@soundcode.com.

Jim

=========
Jim Adler
Soundcode, Inc.
www.soundcode.com
425.739.2229 (voice)
425.739.2228 (fax)

-----Original Message-----
From: denis bider <denisb@INAME.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM <CryptoAPI@DISCUSS.MICROSOFT.COM>
Date: Monday, December 07, 1998 7:04 PM
Subject: VirtualLock =?= VirtualAlloc


>Hello,
>
>I am toying with a small, but has-to-be-highly-secure program that will
>load a piece of sensitive data from somewhere else and decrypt it in memory
>before applying the CryptoAPI functions to it. Now, to prevent anyone from
>being able to access the plain data, I have to make sure that it does not
>get written into the swap file.
>
>On Windows NT, I can use VirtualLock() for that purpose. But what about
>Windows 95? MSDN says that, on Win95, VirtualLock() is implemented only as
>a do-nothing stub. Bad joke, eh. Is using VirtualAlloc() with the
>PAGE_NOCACHE option a good idea? I mean, will it achieve the same thing?
>Or have I misinterpreted the MSDN documentation?
>
>Does anybody know of any other options than VirtualAlloc() with
>PAGE_NOCACHE?
>
>--
>denis bider (denisb@iname.com / denis@zaslon.si)
>
>----------------------------------------------------------------
>Users Guide http://www.microsoft.com/workshop/essentials/mail.asp
>contains important info including how to unsubscribe.  Save time, search
>the archives at http://discuss.microsoft.com/archives/index.html
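
An added example, not part of either message and not SCNSM's code: the user-mode lock-and-wipe pattern the question describes, generalized with a POSIX branch (`mmap`/`mlock`) beside `VirtualAlloc`/`VirtualLock`. The names `secret_buf`, `secret_alloc` and `secret_free` are hypothetical; the code records whether the lock request was accepted, because a refused lock leaves the buffer swappable.

```c
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std modes */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Hypothetical type: locked is 1 only if the OS accepted the lock request. */
typedef struct { void *p; size_t len; int locked; } secret_buf;

secret_buf secret_alloc(size_t len)
{
    secret_buf b = { NULL, len, 0 };
#ifdef _WIN32
    b.p = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (b.p) b.locked = VirtualLock(b.p, len) != 0;   /* 0 means refused */
#else
    b.p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b.p == MAP_FAILED) b.p = NULL;
    else b.locked = mlock(b.p, len) == 0;             /* nonzero means refused */
#endif
    return b;
}

int secret_free(secret_buf *b)
{
    volatile unsigned char *v = (volatile unsigned char *)b->p;
    size_t n = b->len;
    int rc;
    if (b->p == NULL) return -1;
    while (n--) *v++ = 0;   /* volatile stores: the wipe cannot be optimised away */
#ifdef _WIN32
    if (b->locked) VirtualUnlock(b->p, b->len);
    rc = VirtualFree(b->p, 0, MEM_RELEASE) ? 0 : -1;
#else
    if (b->locked) munlock(b->p, b->len);
    rc = munmap(b->p, b->len);
#endif
    b->p = NULL; b->locked = 0;
    return rc;
}

int main(void)
{
    secret_buf key = secret_alloc(4096);   /* constructed size: one typical page */
    printf("lock %s\n", key.locked ? "accepted" : "refused: treat buffer as swappable");
    return secret_free(&key) == 0 ? 0 : 1;
}
```

A successful return only reports that the request was accepted; it says nothing about how the OS treats those pages under load, which is the concern raised in the reply above.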
