Windows Vista ReadyBoost: A Privacy Problem?

Discussion in 'privacy technology' started by Pleonasm, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Windows Vista has a ReadyBoost/ReadyDrive/ReadyBoot capability in which frequently used files are cached to flash memory to speed performance.

    Question: Do these features of Windows Vista only cache executable application files – or, might they also store frequently used personal data files (e.g., a Microsoft Word document)? If the latter, there may exist a privacy/security issue in so far as an unencrypted copy of an encrypted disk data file could be stored in the flash memory.
     
  2. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
  3. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Thanks, Mitch, for the very helpful link.

    [1] Concerning the AES-128 encryption, how is the passphrase itself created and managed?

    [2] I still wonder, however: are only executable files stored on the ReadyBoost cache – or, can user files (e.g., a Microsoft Word document) also be copied onto the cache, too?
     
  4. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Good questions but sorry I do not know about how the encryption names and p/w's are generated and what is actually processed inside the USB key. I guess whatever is processed in a paging file is also processed there from my understanding. I use a 2GB Sandisk Titanium dedicated to ReadyBoost. I have never thought to look in there to see what was put on it. I might look at it tonight when I get home from work.

    I can assume the name/pw is based on the product ID number. That way another machine cannot decipher what is on the key.
     
  5. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Last edited: Apr 9, 2007
  6. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Again, Mitch – appreciate the excellent information you have been providing.

    I am, however, a bit confused. If the encryption session key is “per boot,” then how are the contents of the cache used from one boot (start-up) of the PC to the next? Shouldn’t the encryption key be static across boots? Am I misinterpreting something here?

    Thank you.
     
  7. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Whew, I am no expert on ReadyBoost, lol. I answered your original question because I remember reading it on Tom Archer's blog (that blog has shown up a lot on forums where ReadyBoost is questioned). So I have been researching this as I go along learning some new things myself. I was planning to do this anyway once I got the bugs out of my system (I only have one "bug" left but Nvidia has to fix that).

    After an extensive search, even on MS's Technet, I cannot find out what exactly happens with ReadyBoost when the computer is rebooted. But a Q&A on Tom's blog may provide a clue:

    Q: What happens when you remove the drive?
    A: When a surprise remove event occurs and we can't find the drive, we fall back to disk. Again, all pages on the device are backed by a page on disk. No exceptions. This isn't a separate page file store, but rather a cache to speed up access to frequently used data.

    The part that I highlighted leads me to the conclusion that upon shutdown the pagefile state is saved (thus whatever is also stored on the device) and upon reboot the data is reloaded into the device with a new encryption key. When it is being accessed, my Sandisk flashes a bright blue glow that even though it is installed in a port in the back of my computer I can see the flashes on the dark wall behind it. On boot I have noticed it flashing so I assume that what I described above may be happening. I know this is mostly conjecture but the best I can come up with right now, lol.

    BTW, I tried to access the .sfcache file on the device but even under Admin privileges I get an "access denied" message.
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Mitch, I have sent Tom Archer at Microsoft an email to pursue these questions. I will post whatever I may learn.

    Thanks again. :)
     
  9. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Sorry I haven't gotten back sooner but have been laid up with some kind of flu. :gack:

    Let me know what you find out :)
     