RE: Passphrase and swapfile (David Picón Álvarez)

Steve Butler
Thu Jun 6 17:18:02 2002

Hash: SHA1

In a recent article I read the authors showed that even overwriting does
not prevent a well financed and determined group from picking off the
last 4-5 layers.  It has to do with the stray magnetic fields and the
heads not being exactly (down to the atom) positioned the same for each
write.  In fact, that technology is used by some data recovery
companies to pick off data one layer back.  So, even if it has been
"properly" erased, somebody, with the right set of tools, can read it.

The main question becomes, in the swap file which set of random byte
sequences (even ASCII strings) do we use.  Now, that might still be a
smaller set to test.  So, perhaps the programs that do deal with pass
phrases should always make sure that they are buried in a much larger
and random ASCII string in memory.  The exact location could also be
random thus increasing the uncertainty of using any particular string
or sub string found in a swap file.

- --Steve

- -----Original Message-----
From: David Picón Álvarez []
Sent: Thursday, June 06, 2002 2:47 PM
Subject: Re: Passphrase and swapfile (David Picón Álvarez)


> Don't be to worried about your passphrase
> appearing in the swap file.  In a Gb of random
> data being updated every hour or so it's fairly
> likely that your passphrase will appear
> randomly a few times a day too, unless you
> have a whale of a passphrase.


I just got interested because I read of forensic software which can
information from swapfile, tnd they say it's quite powerful. I suppose
more of a theoretical danger, though, since I'm not a public enemy yet

- --David.

Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.12


CONFIDENTIALITY NOTICE:  This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.