From: John Wiltshire (jwQITS.NET.AU)
Date: Tue Jan 23 2001 - 22:07:19 CST
From: Peter W [mailto:peterwUSA.NET]
> Bits _never_ get written to the disk? Guaranteed never to use swap space?
> The GnuPG FAQ (http://www.gnupg.org/faq.html#q6.1) suggests that it is
> not possible to make a Windows program insist on physical RAM the way a
> program can in Open Systems. Does EFS really use only physical RAM? If
> so, is there some win32 API that can be used by other application designers
> who want to guarantee that certain blocks of allocated memory are *never*
> swapped out to disk? The most likely candidate I've come across is
> VirtualLock() which, unfortunately, "does not mean that the page will not be
> paged to disk"
This is certainly possible as EFS is a kernel mode device driver and not
a Win32 application. Non-pageable memory can be easily allocated from
the non-paged pool by a device driver (and is one of the fundamental
concepts in writing a Win2000 driver).
The EFS driver communicates with the local security authority (lsass) to
allow the use of CryptoAPI for encryption of the data, but as lsass is a
Native application (not Win32) then it may have access to other
(undocumented) functions, or simply pass a pointer to the non-paged
memory it has allocated for the encryption buffers.
Note that the PGP implementation uses a device driver (PGPmemlock.sys)
to lock pages into memory and prevent them from being swapped out. I am
unsure as to the motives of the GPG team if they have not implemented a
similar feature, but it smells like FUD to me.
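The thread contrasts two things: a kernel driver, which can take memory straight from the non-paged pool (in the Windows DDK that is `ExAllocatePoolWithTag` with `NonPagedPool`, which needs the driver build environment and is not shown here), and a user-mode program, which can only ask the OS to pin pages and must treat the answer as best effort. The following added example (not code from the thread, from PGP, or from EFS) shows the user-mode pattern a practitioner would use for key material on either platform: reserve page-aligned memory, request a lock with `VirtualLock` on Windows or `mlock` on POSIX, record whether the request was honoured, and wipe the buffer unconditionally before releasing it. The `secure_buf` type and its functions are this example's own names; the 32-byte key string is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

/* A buffer for secrets: page-aligned, pinned if the OS allows it, and
 * always wiped before release. Illustrative code, not a real product's. */
typedef struct {
    unsigned char *data;
    size_t len;    /* bytes the caller asked for */
    size_t alloc;  /* bytes actually reserved (a multiple of the page size) */
    int locked;    /* 1 if the lock request succeeded, 0 if it was refused */
} secure_buf;

static size_t page_size(void) {
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    return si.dwPageSize;
#else
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;
#endif
}

/* Locking works on whole pages, so size requests are rounded up. */
size_t round_up_to_page(size_t n) {
    size_t ps = page_size();
    return (n + ps - 1) / ps * ps;
}

/* Overwrite through a volatile pointer so the optimiser cannot drop the
 * stores as "dead" writes to memory that is about to be freed. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

int secure_buf_alloc(secure_buf *b, size_t len) {
    memset(b, 0, sizeof *b);
    b->len = len;
    b->alloc = round_up_to_page(len);
#ifdef _WIN32
    b->data = VirtualAlloc(NULL, b->alloc, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!b->data) return -1;
    /* Best effort only: the documentation quoted in the thread says this
     * is not a promise that the page is never paged to disk. */
    b->locked = VirtualLock(b->data, b->alloc) ? 1 : 0;
#else
    void *p = NULL;
    if (posix_memalign(&p, page_size(), b->alloc) != 0) return -1;
    b->data = p;
    memset(b->data, 0, b->alloc);
    /* mlock is refused (ENOMEM/EPERM) when RLIMIT_MEMLOCK is exceeded,
     * so the result is recorded rather than assumed. */
    b->locked = (mlock(b->data, b->alloc) == 0) ? 1 : 0;
#endif
    return 0;
}

int secure_buf_is_zero(const secure_buf *b) {
    for (size_t i = 0; i < b->alloc; i++)
        if (b->data[i]) return 0;
    return 1;
}

void secure_buf_wipe(secure_buf *b) {
    if (b->data) secure_wipe(b->data, b->alloc);
}

void secure_buf_free(secure_buf *b) {
    if (!b->data) return;
    secure_buf_wipe(b);  /* wipe first: a freed page may be reused or paged out */
#ifdef _WIN32
    if (b->locked) VirtualUnlock(b->data, b->alloc);
    VirtualFree(b->data, 0, MEM_RELEASE);
#else
    if (b->locked) munlock(b->data, b->alloc);
    free(b->data);
#endif
    memset(b, 0, sizeof *b);
}

int main(void) {
    secure_buf b;
    if (secure_buf_alloc(&b, 32) != 0) return 1;
    /* Constructed 32-byte sample secret, standing in for a session key. */
    memcpy(b.data, "constructed-32-byte-key-material", 32);
    printf("%zu bytes reserved, locked=%d\n", b.alloc, b.locked);
    secure_buf_free(&b);
    return 0;
}
```

Two design points follow from the thread. First, the `locked` flag exists because user-mode locking is advisory: `mlock` can be refused by the resource limit and `VirtualLock`, per the documentation quoted above, is not a guarantee, whereas a driver's non-paged-pool allocation is never paged by construction. Second, the wipe runs whether or not the lock succeeded, since a buffer that was never pinned may already have a copy in the pagefile, and a crash dump or hibernation file captures RAM regardless of locking; this is why memory pinning limits exposure but does not replace key lifetime management.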