How secure is GnuPG

David Shaw dshaw@jabberwocky.com
Thu Jul 25 01:23:01 2002


On Wed, Jul 24, 2002 at 05:40:44PM -0500, Ryan Malayter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> From: Janusz A. Urbanowicz [mailto:alex@FUCKUP.fantastyka.net] 
> >But there is a way to avoid passphrase logging with 
> >keylogger. The solution was used in Tinfoil Hat Linux 
> >(and it was the only interesting thing in it). It works 
> >like that - for every letter of passphrase, there is a 
> >random table of characters displayed and user enters 
> >coordinates of appropriate letter. Since new table is 
> >generated every time, keyloggers are defeated. But, it 
> >is very inconvenient.
> 
> But couldn't a skilled root-level attacker that knew about this
> approach sniff the keyboard and the screen, allowing the eavesdropper
> to reconstruct the password?

Sure, but it's a matter of layers of protection.  Each additional
layer makes it that much more difficult to mount a successful attack.

First layer is that the attacker doesn't have the secret key.  If they
get the secret key, the second layer is that they don't have the
passphrase.  If we use the passphrase tool in Tinfoil Hat, we've just
made it that much harder (but not impossible, of course) to get the
passphrase.  As each layer is added, you eliminate another group of
potential attackers.  After enough layers, the remaining set of
potential attackers is pretty small.

Of course, if someone had root-level access on a box they could go
around the passphrase problem and just intercept the plaintext before
it was encrypted, too :)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
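
Added example, not part of the original message and not Tinfoil Hat Linux's own code: a sketch of the random-table entry scheme described in the thread, showing that logged keystrokes alone change on every entry, while an observer who also captures the screen recovers the passphrase. The 6x6 table, the row-letter/column-digit coordinate format and all function names are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (constructed)
COLS = 6
ROW_LABELS = "ABCDEF"

def new_table(rng=None):
    """Return a freshly shuffled 6x6 table as a list of rows."""
    rng = rng or secrets.SystemRandom()
    cells = list(ALPHABET)
    rng.shuffle(cells)
    return [cells[i:i + COLS] for i in range(0, len(cells), COLS)]

def coords_for(table, ch):
    """What the user types: row letter + column digit of ch in this table."""
    for r, row in enumerate(table):
        if ch in row:
            return ROW_LABELS[r] + str(row.index(ch) + 1)
    raise ValueError(f"{ch!r} is not in the table")

def char_at(table, coords):
    """What the prompt recovers from the typed coordinates."""
    return table[ROW_LABELS.index(coords[0])][int(coords[1]) - 1]

def simulate_entry(passphrase, rng=None):
    """Enter the passphrase with one fresh table per character.
    Returns (keystrokes, tables, recovered_passphrase)."""
    keystrokes, tables, recovered = [], [], []
    for ch in passphrase:
        table = new_table(rng)           # new table for every letter
        typed = coords_for(table, ch)    # this is all a keylogger sees
        keystrokes.append(typed)
        tables.append(table)
        recovered.append(char_at(table, typed))
    return keystrokes, tables, "".join(recovered)

def observer_with_screen(keystrokes, tables):
    """Keyboard AND screen captured: the passphrase is reconstructed."""
    return "".join(char_at(t, k) for t, k in zip(tables, keystrokes))

if __name__ == "__main__":
    keys1, tabs1, _ = simulate_entry("s3cret")   # constructed sample passphrase
    keys2, _, _ = simulate_entry("s3cret")
    print("entry 1 keystrokes:", keys1)
    print("entry 2 keystrokes:", keys2)
    print("keyboard + screen :", observer_with_screen(keys1, tabs1))
```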