Fri May 25 20:07:02 2001
On Fri, 25 May 2001, clemensF wrote:
> in what way? recovering the passphrase should be hard for root as well.
There are 42 and more ways for root to do _everything_.
What about attaching strace to a running gpg or replacing the gpg
binary with a version which logs passphrases or just tracing all
syscalls or pty dataflows?
> > * Could they make it dump core and rip the passphrase from that? If it
> > dumped core, the passphrase would be readily available. In a perfect
Programs which handle sensitive information should disable core
dumps - this is pretty easy on most systems.
> a passphrase could be encrypted time-limited, the program could recrypt it
> from time to time, so it would not stay unencrypted in memory too long.
And where do you keep the key for this encryption?!
Werner Koch
g10 Code GmbH
Privacy Solutions

Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est.
-- Augustinus
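The core-dump advice in the message above, as an added example that is not part of the original post and is not GnuPG's code: a process that holds a passphrase sets its core-size limits to zero, clears the Linux dumpable flag, and wipes the buffer after use. The function names are hypothetical; it assumes POSIX `setrlimit` and, on Linux, `prctl`. None of this stops root, as the message points out.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Set the soft and hard core-size limits to 0. An unprivileged process
 * cannot raise the hard limit again. Returns 0 on success, -1 on error. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Linux only: clear the dumpable flag. This also refuses ptrace
     * attach from other unprivileged processes of the same user. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Returns 1 if both core limits are 0 and (on Linux) the process is
 * marked non-dumpable, otherwise 0. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0 || rl.rlim_cur != 0 || rl.rlim_max != 0)
        return 0;
#ifdef __linux__
    if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 0)
        return 0;
#endif
    return 1;
}

/* Overwrite a secret through a volatile pointer so the compiler
 * cannot optimise the wipe away. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

int main(void)
{
    char passphrase[64] = "constructed sample passphrase";
    if (disable_core_dumps() != 0) { perror("disable_core_dumps"); return 1; }
    wipe(passphrase, sizeof passphrase); /* after the last use of the secret */
    printf("core dumps disabled: %d\n", core_dumps_disabled());
    return 0;
}
```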