for those of you looking for a patch to fix the PGP5.5x wipe functionality, here is the PGP55sc.dll copied from the PGP553ialp compilation. this version incorporates the fix outlined below, that appeared in alt.security.pgp. only change I've made to the .dll is to edit it with a hex editor so that the version reads PGP553, rather than PGP553ia. I'm not the author/compiler of PGP553ialp, just thought people might want this fix without downloading the entire installation (although it has several other nice fixes). INSTALLATION: * extract pgp55sc_dll_modified_wipe.zip to a temporary folder. * exit Win95/98 to DOS, cd \WINDOWS\SYSTEM * rename the original pgp55sc.dll to pgp55sc.bak * copy the modified pgp55sc.dll from your temporary folder to \WINDOWS\SYSTEM ------------------------------------------------------------------------------ QUOTE FROM: Subject: PATCH FOR PGP 5.5 WIPE OPERATION From: jm1280@bluemarble.net (John Maassen)Date: 1998/03/17 Message-ID: <35100b46.239696@news.bluemarble.net> Newsgroups: alt.security.pgp,comp.security.pgp.tech,sci.crypt [Subscribe to alt.security.pgp] [More Headers] I am disappointed that the wipe function, which failed in PGP 5.5.3 Freeware also fails in the most recent version 5.5.5 of the same software. The purpose of this note is to provide a "quick fix" to this problem. The following is based upon the source code for PGP 5.5.3 which is available from the International PGP Home Page at www.pgpi.com. The failure of the PGP wipe function has been discussed by a number of individuals on various USENET news groups, e.g. alt.security.pgp. The problem is that VCACHE uses write- behind caching, unless this feature has been specifically disabled. If a file is written to and subsequently deleted, VCACHE will generally not physically write the changes to disk before the file on the disk is deleted. In the case of PGP, the offending module is wipe.c located in the directory \pgp55\clients\pgp\win32\PGPsc of the file pgp55win95nt-src.zip. The file wipe.c should be modified by adding the single statement "FlushFileBuffers(hFile);" to the function InternalFileWipe() after line #612 as indicated below: CloseHandle( hMap ); // line #612 FlushFileBuffers( hFile ); // add this statement CloseHandle( hFile ); // old line #613 DeleteFile( NewFileName ); After making this change, the project PGPsc should be rebuilt using Win32Release as the active configuration. The only change will be to the library PGP55sc.dll. On most systems, this should be copied to the \windows\system directory. This quick fix seems to work for both versions 5.5.3 and 5.5.5 of PGP Freeware. Due to copyright and export restrictions, I am unable to provide copies of the recompiled library PGP55sc.dll. Finally, an examination of the file wipe.c indicates that it is a work in progress. For example, the code for wiping with cryptographically strong random bytes - Colin Plumb's patterns? - rather than 0x00's has been commented out.