GnuPG Daemon?

David Turner dct25@cam.ac.uk
Fri May 25 22:24:01 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 25 May 2001, Werner Koch wrote:


> On Fri, 25 May 2001, clemensF wrote:
>
> > in what way? recovering the passphrase should be hard for root as well.
>
> There 42 and more ways for root to do _everything_.
>
> What about attaching strace to a running gpg or replacing the gpg
> binary with a version whichs logs passphrases or just tracing all
> syscalls or pty dataflows.
Or something similar. There is even a vulnerability in OpenPGP that if you can replace a secret key temporarily then intercept a badly-signed message, you can get the true secret key. But that involves actually mucking around with cryptography; my method of choice would be to replace the gpg binary.
> > > * Could they make it dump core and rip the passphrase from that? If it
> > > dumped core, the passphrase would be readily available. In a perfect
>
> Programs which handle sensitive information should disable core
> dumps - this is pretty easo on most systems.
Didn't know this. How? (Reply directly if this is too OT for the list)
> > a passphrase could be encrypted time-limited, the program could recrypt it
> > from time to time, so it would not stay unencrypted in memory too long.
>
> And where do you keep the key for this encryption ?!
... unencrypted, in memory! Anyway, I'm off to practise my paranoia some more :-) - -- Dave Turner dct25@cam.ac.uk http://www.geocities.com/dcturner2000/ -----BEGIN PGP SIGNATURE----- iD8DBQE7Dr8feFNVJYkmfV8RAqykAJ9WUtLKMENxFTCYBfI5sHd/iiBTqgCfXSUj OpH/7L+2d+LikE1MW9EjfIg= =Kbhe -----END PGP SIGNATURE-----