for those of you looking for a patch to fix the PGP5.5x wipe functionality,
here is the PGP55sc.dll copied from the PGP553ialp compilation. this version
incorporates the fix outlined below, that appeared in alt.security.pgp.
only change I've made to the .dll is to edit it with a hex editor so that
the version reads PGP553, rather than PGP553ia. I'm not the author/compiler
of PGP553ialp, just thought people might want this fix without downloading
the entire installation (although it has several other nice fixes).
INSTALLATION:
* extract pgp55sc_dll_modified_wipe.zip to a temporary folder.
* exit Win95/98 to DOS, cd \WINDOWS\SYSTEM
* rename the original pgp55sc.dll to pgp55sc.bak
* copy the modified pgp55sc.dll from your temporary folder to \WINDOWS\SYSTEM
------------------------------------------------------------------------------
QUOTE FROM:
Subject:      PATCH FOR PGP 5.5 WIPE OPERATION
From:         [email protected] (John Maassen)Date:         1998/03/17
Message-ID:   <[email protected]>
Newsgroups:   alt.security.pgp,comp.security.pgp.tech,sci.crypt
[Subscribe to alt.security.pgp] [More Headers]
I am disappointed that the wipe function, which failed in
PGP 5.5.3 Freeware also fails in the most recent version
5.5.5 of the same software.  The purpose of this note is to
provide a "quick fix" to this problem.
The following is based upon the source code for PGP 5.5.3
which is available from the International PGP Home Page at www.pgpi.com.
The failure of the PGP wipe function has been discussed by
a number of individuals on various USENET news groups, e.g.
alt.security.pgp.  The problem is that VCACHE uses write-
behind caching, unless this feature has been specifically
disabled.  If a file is written to and subsequently
deleted, VCACHE will generally not physically write the
changes to disk before the file on the disk is deleted.
In the case of PGP, the offending module is wipe.c located
in the directory \pgp55\clients\pgp\win32\PGPsc of the file
pgp55win95nt-src.zip.  The file wipe.c should be modified
by adding the single statement "FlushFileBuffers(hFile);"
to the function InternalFileWipe() after line #612 as indicated below:
       CloseHandle( hMap );            // line #612
       FlushFileBuffers( hFile );              // add this statement
       CloseHandle( hFile );           // old line #613        DeleteFile( NewFileName );
After making this change, the project PGPsc should be
rebuilt using Win32Release as the active configuration.
The only change will be to the library PGP55sc.dll.  On
most systems, this should be copied to the \windows\system directory.
This quick fix seems to work for both versions 5.5.3 and 5.5.5 of PGP Freeware.
Due to copyright and export restrictions, I am unable to
provide copies of the recompiled library PGP55sc.dll.
Finally, an examination of the file wipe.c indicates that
it is a work in progress.  For example, the code for wiping
with cryptographically strong random bytes - Colin Plumb's
patterns? - rather than 0x00's has been commented out.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.