GnuPG Daemon?
Werner Koch
wk@gnupg.org
Fri May 25 20:07:02 2001
On Fri, 25 May 2001, clemensF wrote:
> in what way? recovering the passphrase should be hard for root as well.
There are 42 and more ways for root to do _everything_.
What about attaching strace to a running gpg or replacing the gpg
binary with a version which logs passphrases or just tracing all
syscalls or pty dataflows.
> > * Could they make it dump core and rip the passphrase from that? If it
> > dumped core, the passphrase would be readily available. In a perfect
Programs which handle sensitive information should disable core
dumps - this is pretty easy on most systems.
> a passphrase could be encrypted time-limited, the program could recrypt it
> from time to time, so it would not stay unencrypted in memory too long.
And where do you keep the key for this encryption ?!
ciao,
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus