Re: How to programmatically create a partition?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: UAError (null_at_null.null)
Date: 01/18/05 

Date: Tue, 18 Jan 2005 10:25:24 -0500

Jon Skeet [C# MVP] <skeet@pobox.com> wrote:

>UAError <null@null.null> wrote:
>
><snip>
>
>> Law #6: A computer is only as secure as the administrator is
>> trustworthy
>>
>> Lets face it, that data will have to be unencrypted at some
>> point of time to be useful and thats when somebody
>> sufficiently competent and motivated can get at it
>> especially with administrator privileges.
>
><snip>
>
>While that's true of computer security *in general*, it's not
>necessarily true of all data stored on a computer. If I encrypt a
>message with a pass phrase (using a suitably secure algorithm, of
>course), and that pass phrase itself is only stored in my head, you
>could be the administrator of whatever computer you want - you still
>won't be able to get the plaintext without knowing the pass phrase.

That wasn't my point. You are simply referring do the data
in its encrypted state - but somebody with administrative
privileges has the means to disclose your secrets when YOU
are working with them in their UNENCRYPTED state.

The key phrase here is "sufficiently competent and
motivated". An attacker with local administrator privileges
could install utilities to snap shot your process memory
and/or paging file to capture your unencrypted secrets. A
network administrator could do the same remotely. This puts
additional pressure on the developer to keep the unencrypted
secrets from being swapped to the paging file, erasing any
buffer memory used and to leave secrets unencrypted for the
shortest possible window inside the application. However the
secrets remain vulnerable while they are being displayed to
the user in the clear.

So you could say "it IS necessarily true for all data USED
on the computer".

Relevant Pages

  • Re: NOW WHAT? "The maximum number of secrets that may be stored in a single system has been exceede
    ... If you Google "maximum number of secrets" you will get quite a few hits, including this thread shown at Techarena. ... well pretty much the application control and policy controls within your organization is not controlled by Microsoft but by your Administrator. ... Better inquire/contact your administrator about the grounds and parameters wherein that message should appear and how to go over it since you require such actions without you seeing that message. ... So I have too many encrypted antries (where? ...
    (microsoft.public.windows.vista.security)
  • Re: Encryption - How to Choose Password
    ... Refer to the slip of paper when you need the phrase. ... I have a web script that generates diceware phrases that you can use: ... transmitting your secrets over the net unencrypted. ...
    (sci.crypt)
  • Re: Renaming User Administrator
    ... In my personal opinion it is more important to use VERY strong pass phrase ... passwords longer than 15 characters than renaming the Administrator. ...
    (microsoft.public.windows.server.sbs)