Fri May 25 22:24:01 2001
On Fri, 25 May 2001, Werner Koch wrote:
> On Fri, 25 May 2001, clemensF wrote:
> > in what way? recovering the passphrase should be hard for root as well.
> There are 42 and more ways for root to do _everything_.
> What about attaching strace to a running gpg or replacing the gpg
> binary with a version which logs passphrases or just tracing all
> syscalls or pty dataflows.
Or something similar. There is even a vulnerability in OpenPGP that if
you can replace a secret key temporarily then intercept a badly-signed
message, you can get the true secret key. But that involves actually
mucking around with cryptography; my method of choice would be to replace
the gpg binary.
> > > * Could they make it dump core and rip the passphrase from that? If it
> > > dumped core, the passphrase would be readily available. In a perfect
> Programs which handle sensitive information should disable core
> dumps - this is pretty easy on most systems.
Didn't know this. How? (Reply directly if this is too OT for the list)
> > a passphrase could be encrypted time-limited, the program could recrypt it
> > from time to time, so it would not stay unencrypted in memory too long.
> And where do you keep the key for this encryption ?!
... unencrypted, in memory!
Anyway, I'm off to practise my paranoia some more :-)
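
Added example, not part of the original messages and not GnuPG's own code: one way a program that handles a passphrase can turn off core dumps on a POSIX system, as the quoted reply recommends. The function names are hypothetical and the prctl() call assumes Linux.

```c
/* Added example: assumes POSIX; the prctl() step is Linux-only. */
#include <stdio.h>
#include <stddef.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Set the soft and hard core-file size limits to 0 so the kernel writes
 * no core image. An unprivileged process cannot raise the hard limit again.
 * Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Mark the process non-dumpable: no core file, and no ptrace attach
     * from other unprivileged processes. Root is not stopped by this. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Returns 1 if both core limits are 0, 0 if not, -1 on error. */
int core_dumps_disabled(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return (rl.rlim_cur == 0 && rl.rlim_max == 0) ? 1 : 0;
}

/* Overwrite a buffer through a volatile pointer so the compiler
 * does not optimise the stores away. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

int main(void)
{
    char passphrase[64] = "constructed sample passphrase";
    if (disable_core_dumps() != 0) { perror("disable_core_dumps"); return 1; }
    /* ... the passphrase would be used here ... */
    wipe(passphrase, sizeof passphrase);
    printf("core dumps disabled: %d\n", core_dumps_disabled());
    return 0;
}
```

Call disable_core_dumps() before the passphrase is read, so no window exists in which a crash could write it to disk.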