Questions about GPGME / GnuPG library
David Pick
D.M.Pick at qmw.ac.uk
Thu Dec 7 14:58:53 CET 2000
> > So you didn't understand for what nonswapable memory is good for.
>
> No, not really. If you can access the swap from remote, then you are
> root, and therefore fully capable of replacing either the gnupg binary
> itself, or reading the real memory on the machine - swap or not. If
> you are not root, have access to the hardware, and are capable of
> useing a screwdriver, you can remove the disk, replace the gnupg
> binary and replace the disk with a trojan gnupg. Is there something
> secret that I missed?
Something you've missed: but not very secret. Scenario:
1) computer running normally, perfectly safely.
2) someone gains physical access and either steals it or serves
you with a warrent.
3) they take the machine away for forensic analysis
*without altering the hard disc at all* and never return it
4) they recover either a decrypted secret key, or your passphrase
from the swap space
5) they read all the material you thought you had kept secret
6) even worse: they are also in a position to forge your signature
> I think I understood that you're afraid that
> someone could read something that was swapped to disk, right?
Exactly.
> Sure,
> you could crypt the swap, but really... I'd rather use a isolated
> machine physically locked up, without network of any kind and a
> grounded Farraday cage around it all to do my crypting then.
Still vilnerable to the sort of attack I've described. You *know*
it's happening (if it does happen) but you can't do anything
about it.
--
David Pick
More information about the Gnupg-devel
mailing list