GnuPG Daemon?
David Turner
dct25@cam.ac.uk
Fri May 25 22:24:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 25 May 2001, Werner Koch wrote:
> On Fri, 25 May 2001, clemensF wrote:
>
> > in what way? recovering the passphrase should be hard for root as well.
>
> There 42 and more ways for root to do _everything_.
>
> What about attaching strace to a running gpg or replacing the gpg
> binary with a version whichs logs passphrases or just tracing all
> syscalls or pty dataflows.
Or something similar. There is even a vulnerability in OpenPGP that if
you can replace a secret key temporarily then intercept a badly-signed
message, you can get the true secret key. But that involves actually
mucking around with cryptography; my method of choice would be to replace
the gpg binary.
> > > * Could they make it dump core and rip the passphrase from that? If it
> > > dumped core, the passphrase would be readily available. In a perfect
>
> Programs which handle sensitive information should disable core
> dumps - this is pretty easo on most systems.
Didn't know this. How? (Reply directly if this is too OT for the list)
> > a passphrase could be encrypted time-limited, the program could recrypt it
> > from time to time, so it would not stay unencrypted in memory too long.
>
> And where do you keep the key for this encryption ?!
... unencrypted, in memory!
Anyway, I'm off to practise my paranoia some more :-)
- --
Dave Turner
dct25@cam.ac.uk http://www.geocities.com/dcturner2000/
-----BEGIN PGP SIGNATURE-----
iD8DBQE7Dr8feFNVJYkmfV8RAqykAJ9WUtLKMENxFTCYBfI5sHd/iiBTqgCfXSUj
OpH/7L+2d+LikE1MW9EjfIg=
=Kbhe
-----END PGP SIGNATURE-----