Risk Assessment

brian moore bem at cmc.net
Thu Oct 22 23:20:23 CEST 1998

On Thu, Oct 22, 1998 at 10:27:51PM -0500, Edward S. Marshall wrote:
> On Thu, 22 Oct 1998, Richard Lynch wrote:
> Solution: use ssh for remote terminal access, instead of telnet. For
> windows, you can use any number of products, such as stock ssh right up to
> SecureCRT and others. This still implies a level of trust in the remote
> system, but it ensures that an intermediary cannot collect data from your
> connection.

This is true, but not needed in this case: generate the keys on the
windows machine.  The remote system only needs the public key, not the
secret key.

> "insecure memory"? It's only insecure if GPG doesn't clean memory properly
> after generating a key (as other processes could then reuse the free()'d
> memory later; protected memory spaces are exactly that: protected. Only
> the process (or root) should be able to get at that memory space.

Nope: any other process running under the same uid can get to it, too.

> Assume, however, that if you have a root compromise, -all- of your keys
> are compromised. Your "break-in recovery" procedure should cover a means
> by which you'll regenerate those keys and get them to the customer.

But that's PK: let them compromise the public keys.  Heck, publish them
on the key servers if you want.  They won't do anyone any good.

Let the secret keys live on the remote user's machine and life is
peachy: the only gaps in security are within the web server itself, PHP,
and GPG.

The only key lost is the public key, and that'll only allow people to
forge mail pretending they filled out a web form instead of email.  BFD.

> What is the root of the technical requirement here for root ownership (and
> presumably suid permissions)? I must -really- be missing something here...

gdb gpg <pid>

Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster

More information about the Gnupg-devel mailing list