|
|
#1
April 9th, 2007, 10:36 AM
|
|||
|
|||
Windows Vista ReadyBoost: A Privacy Problem?
Windows Vista has a ReadyBoost/ReadyDrive/ReadyBoot capability in which frequently used files are cached to flash memory to speed performance.
Question: Do these features of Windows Vista only cache executable application files – or, might they also store frequently used personal data files (e.g., a Microsoft Word document)? If the latter, there may exist a privacy/security issue in so far as an unencrypted copy of an encrypted disk data file could be stored in the flash memory. |
|
#2
April 9th, 2007, 11:42 AM
|
|||
|
|||
Re: Windows Vista ReadyBoost: A Privacy Problem?
Q: Isn't user data on a removable device a security risk?
A: This was one of our first concerns and to mitigate this risk, we use AES-128 to encrypt everything that we write to the device. From http://blogs.msdn.com/tomarcher/arch...02/615199.aspx
__________________
[Desktop] Acer Aspire M5620| W7 HP 64 SP1 [Laptop] Dell Inspiron 17r| W7 Pro 64 SP1/Ubuntu 11.10 [HTPC] Foxconn 45CSX ITX Mobo | W7 HP 64 SP1 [Tablet] Toshiba Thrive AT100| Android HC 3.2 |
|
#3
April 9th, 2007, 01:53 PM
|
|||
|
|||
|
Re: Windows Vista ReadyBoost: A Privacy Problem?
Thanks, Mitch, for the very helpful link.
[1] Concerning the AES-128 encryption, how is the passphrase itself created and managed? [2] I still wonder, however: are only executable files stored on the ReadyBoost cache – or, can user files (e.g., a Microsoft Word document) also be copied onto the cache, too? |
|
#4
April 9th, 2007, 03:50 PM
|
|||
|
|||
|
Re: Windows Vista ReadyBoost: A Privacy Problem?
Good questions but sorry I do not know about how the encryption names and p/w's are generated and what is actually processed inside the USB key. I guess whatever is processed in a paging file is also processed there from my understanding. I use a 2GB Sandisk Titanium dedicated to ReadyBoost. I have never thought to look in there to see what was put on it. I might look at it tonight when I get home from work.
I can assume the name/pw is based on the product ID number. That way another machine cannot decipher what is on the key.
__________________
[Desktop] Acer Aspire M5620| W7 HP 64 SP1 [Laptop] Dell Inspiron 17r| W7 Pro 64 SP1/Ubuntu 11.10 [HTPC] Foxconn 45CSX ITX Mobo | W7 HP 64 SP1 [Tablet] Toshiba Thrive AT100| Android HC 3.2 |
|
#5
April 9th, 2007, 05:01 PM
|
|||
|
|||
|
Re: Windows Vista ReadyBoost: A Privacy Problem?
I just found this:
"The driver encrypts each block it writes using Advanced Encryption Standard (AES) encryption with a randomly generated per-boot session key in order to guarantee the privacy of the data in the cache if the device is removed from the system." Source: http://www.microsoft.com/technet/tec...3/VistaKernel/
__________________
[Desktop] Acer Aspire M5620| W7 HP 64 SP1 [Laptop] Dell Inspiron 17r| W7 Pro 64 SP1/Ubuntu 11.10 [HTPC] Foxconn 45CSX ITX Mobo | W7 HP 64 SP1 [Tablet] Toshiba Thrive AT100| Android HC 3.2 Last edited by midway40 : April 9th, 2007 at 05:15 PM. |
|
#6
April 9th, 2007, 06:45 PM
|
|||
|
|||
|
Re: Windows Vista ReadyBoost: A Privacy Problem?
Again, Mitch – appreciate the excellent information you have been providing.
I am, however, a bit confused. If the encryption session key is “per boot,” then how are the contents of the cache used from one boot (start-up) of the PC to the next? Shouldn’t the encryption key be static across boots? Am I misinterpreting something here? Thank you. |
|
#7
April 9th, 2007, 08:22 PM
|
|||
|
|||
|
Re: Windows Vista ReadyBoost: A Privacy Problem?
Whew, I am no expert on ReadyBoost, lol. I answered your original question because I remember reading it on Tom Archer's blog (that blog has shown up alot on forums where ReadyBoost is questioned). So I have been researching this as I go along learning some new things myself. I was planning to do this anyway once I got the bugs out of my system (I only have one "bug" left but Nvidia has to fix that).
After an extensive search, even on MS's Technet, I cannot find out what exactly happens with ReadyBoost when the computer is rebooted. But a Q&A on Tom's blog may provide a clue: Q: What happens when you remove the drive? A: When a surprise remove event occurs and we can't find the drive, we fall back to disk. Again, all pages on the device are backed by a page on disk. No exceptions. This isn't a separate page file store, but rather a cache to speed up access to frequently used data. The part that I highlighted leaves me to the conclusion that that upon shutdown the pagefile state is saved (thus whatever is also stored on the device) and upon reboot the data is reloaded into the device with a new encryption key. When it is being accessed, my Sandisk flashes a bright blue glow that even though it is installed in a port in the back of my computer I can see the flashes on the dark wall behind it. On boot I have noticed it flashing so I assume that what I described above may be happening. I know this is mostly conjecture but the best I can come up with right now, lol. BTW, I tried to access the .sfcache file on the device but even under Admin privileges I get an "access denied" message.
__________________
[Desktop] Acer Aspire M5620| W7 HP 64 SP1 [Laptop] Dell Inspiron 17r| W7 Pro 64 SP1/Ubuntu 11.10 [HTPC] Foxconn 45CSX ITX Mobo | W7 HP 64 SP1 [Tablet] Toshiba Thrive AT100| Android HC 3.2 |
|
#9
April 12th, 2007, 10:51 AM
|
|||
|
|||
|
Re: Windows Vista ReadyBoost: A Privacy Problem?
Sorry I haven't gotten back sooner but have been laid up with some kind of flu.
 Let me know what you find out 
__________________
[Desktop] Acer Aspire M5620| W7 HP 64 SP1 [Laptop] Dell Inspiron 17r| W7 Pro 64 SP1/Ubuntu 11.10 [HTPC] Foxconn 45CSX ITX Mobo | W7 HP 64 SP1 [Tablet] Toshiba Thrive AT100| Android HC 3.2 |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
