Is it True that Cryptographic Keys can be Found in Virtual Memory?

 

This is a common issue with most software. Since the release of WinRAR 4.20, we have taken special measures to minimize the intermediate storage of plain text passwords in virtual memory. Unlike plain text passwords, encryption keys are indeed present in virtual memory during extraction, but they are cleared once the extraction is complete. To do this, we use a Windows API function provided by Microsoft, CryptProtectMemory, to encrypt plain text passwords and AES keys in memory.

https://msdn.microsoft.com/de-de/library/windows/desktop/aa380262(v=vs.85).aspx
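The protect, use, and wipe pattern described above can be tried from PowerShell by calling CryptProtectMemory through P/Invoke. This is an added example, not WinRAR's code; the `Demo.Dpapi` type name, the variable names, the helper function and the sample password are constructed for illustration.

```powershell
# Added example: P/Invoke bindings for the two documented crypt32.dll functions.
Add-Type -Namespace Demo -Name Dpapi -MemberDefinition @'
[DllImport("crypt32.dll", SetLastError = true)]
public static extern bool CryptProtectMemory([In, Out] byte[] pData, uint cbData, uint dwFlags);
[DllImport("crypt32.dll", SetLastError = true)]
public static extern bool CryptUnprotectMemory([In, Out] byte[] pData, uint cbData, uint dwFlags);
'@

$BlockSize   = 16   # CRYPTPROTECTMEMORY_BLOCK_SIZE
$SameProcess = 0    # CRYPTPROTECTMEMORY_SAME_PROCESS: only this process can decrypt

# Constructed sample secret, kept in $plain only so the demo can compare bytes.
# The string literal itself stays in managed memory; a real program reads the
# password straight into a buffer it can overwrite.
$plain = [Text.Encoding]::UTF8.GetBytes('constructed-sample-password')

# The buffer length must be a multiple of the block size, so pad with zero bytes.
$len = [int]([math]::Ceiling($plain.Length / $BlockSize) * $BlockSize)
$buf = New-Object byte[] $len
[Array]::Copy($plain, $buf, $plain.Length)

function Test-PlaintextPresent {
    # True when the buffer currently starts with the plaintext bytes.
    for ($i = 0; $i -lt $plain.Length; $i++) {
        if ($buf[$i] -ne $plain[$i]) { return $false }
    }
    return $true
}

# 1. Encrypt in place: while idle, the buffer holds ciphertext only.
if (-not [Demo.Dpapi]::CryptProtectMemory($buf, $buf.Length, $SameProcess)) {
    throw 'CryptProtectMemory failed'
}
"idle (protected):  plaintext present = $(Test-PlaintextPresent)"

# 2. Decrypt only for the moment of use. This is the window in which a
#    memory dump would still capture the secret.
if (-not [Demo.Dpapi]::CryptUnprotectMemory($buf, $buf.Length, $SameProcess)) {
    throw 'CryptUnprotectMemory failed'
}
try {
    "in use (clear):    plaintext present = $(Test-PlaintextPresent)"
} finally {
    # 3. Overwrite the buffer as soon as the operation is complete.
    [Array]::Clear($buf, 0, $buf.Length)
    [Array]::Clear($plain, 0, $plain.Length)
}
"after wipe:        all zero = $(-not ($buf | Where-Object { $_ -ne 0 }))"
```

In managed code the garbage collector may relocate arrays and leave stale copies behind, so a native application would keep the secret in a fixed buffer and overwrite it with SecureZeroMemory.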

Malicious actors would need full access to a user's computer to make a dump of WinRAR process memory and then extract keys from this dump. If somebody can make memory dumps of a user’s computer at any time and copy such dumps, the user already has a major security leak.

Please be aware that the feature and scenario described above apply only to Microsoft platforms.

 
