Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Clearing or Encrypting Page File?
New Posts  All Forums:Forum Nav:

Clearing or Encrypting Page File?

post #1 of 34
Thread Starter 
I use some Truecrypt containers to store sensitive data on some of my storage disks. I am concerned that some of this information could remain (or possibly even my encrypted key or password) in Windows Page File. Truecrypt suggests encrypting the entire system drive, I have done this on my laptop, but do not wish to do this to my desktop.

I have read on this board not to disable the page file, even if you have plenty of RAM. So what about setting the registry to clear the page file on shutdown as outlined here?:

http://support.microsoft.com/kb/314834

Does this registry value tell Windows to actually overwrite the pagefile with zeros or random data or does it just "delete" the page file. I'm assuming that it overwrites the page file as it takes a decent amount of time to shutdown with this registry value enabled, but I cannot find any documentation from Microsoft stating that this is the case.

Another security technique I've come across while researching this topic is that Windows has a built in feature called fsutil that can encrypt the page file. The process for doing this I've found here:

http://www.ghacks.net/2011/04/04/encrypt-your-windows-pagefile-to-improve-security/

My question about this is how good is the encryption? I don't have to generate my own password so that must mean that Windows is storing one somewhere? Seems like there may be some security holes here, but I'm looking for someone with more expertise in encryption.

So it seems the 3 options to protect sensitive data from being potentially extracted from a page file would be to either disable the page file, encrypt it, or clear it from the disk at shutdown. Which option or combination of options would be the most secure if full system encryption is not an option?
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #2 of 34
In your case, just disable the paging file....

Or create a small RAMDisk. (Yes, you are creating a space where the OS writes to save RAM... but some programs still except that it exists.)
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #3 of 34
Thread Starter 
Some programs and games will not even run with the page file disabled though, right? I would rather not have to disable it.
Edited by LastBucsfan - 4/28/11 at 9:50am
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #4 of 34
they will run without a page file, but in your case with only having 4GB of RAM if this is on your sig rig, i would not suggest it. The page file is mainly used for when you run out of physical memory until the some of the physical memory is freed up then swaps the threads from the page file to the physical memory.
If you did want to disable the page file I would at least double your RAM to 8GB usually more is better, but somethings could still be affected, performance wise.
The Raven
(16 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveOptical DriveCooling
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  iHAS324 - Lite-On DVD-RW Noctua NH-D14 
OSMonitorMonitorKeyboard
Windows 10 ASUS VN248 ASUS VN248 Logitech G510 
PowerCaseMouse
XFX 850W BE SILVERSTONE RV02B-EW Logitech MX518 
  hide details  
Reply
The Raven
(16 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveOptical DriveCooling
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  iHAS324 - Lite-On DVD-RW Noctua NH-D14 
OSMonitorMonitorKeyboard
Windows 10 ASUS VN248 ASUS VN248 Logitech G510 
PowerCaseMouse
XFX 850W BE SILVERSTONE RV02B-EW Logitech MX518 
  hide details  
Reply
post #5 of 34
Thread Starter 
Yes my sig rig is the one in question. I'd prefer not to disable the page file because of the 4GB.
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #6 of 34
Thread Starter 
Also what about hiberfil.sys? It still appears right there with pagefile.sys even though I don't have hibernation enabled under my current power management...

EDIT: I figured out just disabling hibernation in the Control Panel, Power Options won't get rid of the actual hiberfil.sys that stores information. This can be removed with the DOS command prompt:

powercfg.exe -h off
Edited by LastBucsfan - 4/28/11 at 11:56am
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #7 of 34
How much ram do you have? Put the pagefile on a ram drive
post #8 of 34
Quote:
Originally Posted by DuckieHo;13306597 
In your case, just disable the paging file....

Or create a small RAMDisk. (Yes, you are creating a space where the OS writes to save RAM... but some programs still except that it exists.)

lol I didn't see your post
post #9 of 34
with the OP only having 4GB of RAM, adding a RAM Disk wouldn't really solve his issue. The main purpose of RAM Disks was to overcome the limitations of 32bit OS when there was more physical RAM available that was the OS could see.

OP if your really need the security of encrypting the Page File. I would do either just that encrypt it following MS's directions, or alternatively you could increase your physical RAM and remove the page file all together. Just know by removing it all together while most things will utilize the RAM and not the page file a small page file will help some applications, it should not break them.
Edited by bratas - 4/28/11 at 12:03pm
The Raven
(16 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveOptical DriveCooling
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  iHAS324 - Lite-On DVD-RW Noctua NH-D14 
OSMonitorMonitorKeyboard
Windows 10 ASUS VN248 ASUS VN248 Logitech G510 
PowerCaseMouse
XFX 850W BE SILVERSTONE RV02B-EW Logitech MX518 
  hide details  
Reply
The Raven
(16 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveOptical DriveCooling
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  iHAS324 - Lite-On DVD-RW Noctua NH-D14 
OSMonitorMonitorKeyboard
Windows 10 ASUS VN248 ASUS VN248 Logitech G510 
PowerCaseMouse
XFX 850W BE SILVERSTONE RV02B-EW Logitech MX518 
  hide details  
Reply
post #10 of 34
Thread Starter 
Quote:
Originally Posted by Spooony;13308250 
How much ram do you have? Put the pagefile on a ram drive

Yes, but then that same data will be stored, unprotected on the RAM disk, right?

Would using the page file encryption method I posted + clearing the page file at shutdown with the regedit hack not be sufficient? I'm just curious if anyone else has tried these features.
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(13 items)
 
   
CPUMotherboardGraphicsRAM
i7-2600k [4.7 GHz @ 1.376v] ASUS P8P67 PRO Rev 3.1 MSI GTX 580 Lightning Extreme [950/1900/2100 1.1v] GSkill Ripjaws 8GB [2133 MHz 9-11-10-28-1T] 
Hard DriveOptical DriveOSMonitor
WD VelociRaptor 300GB / 2x Samsung F3 1TB RAID 0 Sony Optiarc 24x DVD/CD-RW Windows 10 x64 Asus VN247 24" 1920x1080 Dual Monitors 
KeyboardPowerCase
Ducky Shine DK-9008 Overclock.net Edition Corsair TX750 CoolerMaster HAF 932 Full Tower 
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Clearing or Encrypting Page File?