RE: Passphrase and swapfile (David Picón Álvarez)

Steve Butler sbutler@fchn.com
Thu Jun 6 17:18:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In a recent article I read, the authors showed that even overwriting does
not prevent a well-financed and determined group from picking off the
last 4-5 layers.  It has to do with the stray magnetic fields and the
heads not being exactly (down to the atom) positioned the same for each
write.  In fact, that technology is used by some data recovery
companies to pick off data one layer back.  So, even if it has been
"properly" erased, somebody, with the right set of tools, can read it.

The main question becomes: in the swap file, which set of random byte
sequences (even ASCII strings) do we use?  Now, that might still be a
smaller set to test.  So, perhaps the programs that do deal with pass
phrases should always make sure that they are buried in a much larger
and random ASCII string in memory.  The exact location could also be
random, thus increasing the uncertainty of using any particular string
or substring found in a swap file.

- --Steve

- -----Original Message-----
From: David Picón Álvarez [mailto:eleuteri@myrealbox.com]
Sent: Thursday, June 06, 2002 2:47 PM
To: gnupg-users@gnupg.org
Subject: Re: Passphrase and swapfile (David Picón Álvarez)


Hi,

> Don't be too worried about your passphrase
> appearing in the swap file.  In a Gb of random
> data being updated every hour or so it's fairly
> likely that your passphrase will appear
> randomly a few times a day too, unless you
> have a whale of a passphrase.

Alright.

I just got interested because I read of forensic software which can
extract information from swapfile, and they say it's quite powerful. I
suppose it's more of a theoretical danger, though, since I'm not a
public enemy yet :-)

- --David.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.12

iD8DBQE8/302KCpUdwOFgdgRArg8AJwI600NGYi18J9CrYk8uNmv2NVHJgCfeusK
5knpw4butOmFDx95oYQ5Vjk=
=w/88
-----END PGP SIGNATURE-----

