Re: Passphrase and swapfile (David Picón Álvarez)

[David Picón Álvarez]

--iV31z1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi,

> Imagine yourself acting from the attackers point of view.  The passphrase
> might, and might not appear within the last overwrite of the swap file.
The
> directory shows which sectors the swap file occupies.  A complete
> replication of the swap file is achieved in Windows.  The encrypted
> messages and the secret key file are in hand.  You, as the attacker, do
> not know where in the swap file the password might exist.  You decide to
> limit your search to strings in which bit 7 is not set.  Even though the



Now, this is partly true, but isn't it so that if you know what program
could have put the string there it is easy to look for chunks of the
program?

> for an English dictionary search type attack is about perhaps 140K bytes,
> and the permutations for that are already worked out in advance.  We're


But that will only work if the passphrase is natural-language based. In fact
that will only work if it's english-based, which, if you're interested to
know, isn't :-)


> will, either.  Suddenly the dictionary search starts to look like a pretty
> good thing to try first.  Next, since you've already succeeded at


I agree that dictionary attack is the first concern. I was just thinking of
other possibilities. At any rate, as I've already said, this is more of a
hypothetical risk, since I'm not some sort of narco-god or something.

> burglarizing this computer, will you begin to consider alternatives to
> cracking the password from the swap file, such as trapping keystrokes
> over the course of weeks with a tiny program you've added?  Let's face

You can only do that if you give the computer back. I was thinking more in
terms of the computer being seized.


> it, a skillful attacker has many alternatives, and would prefer to use one
> that yields consistent results.  Is the most recent overwrite of the swap
> file really the greater risk to your security?  Isn't a brute force
password
> crack likely to be in the arsenal of the attacker?  Wouldn't the attacker
> be equipped for that, too?


By brute-force password do you mean brute-forcing the symmetric cipher with
which the key is encrypted? Isn't that supposed to be nearly impossible?


At any rate, your answer is quite enlightnening, and it made me see quite
many alternatives.

Thank you.

--David.




--iV31z1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Comment: This message is digitally signed and can be verified for authenticity.

iQQXAwUAPQAn7IVy4iYQ9LKqFAIPOQ//RMgN/8xuNKxnnQ6d6eTF8KTh7VqUCXj8
iJyBdH8QqBDjrhaIFDht8OyWWFDCybOV9UCBg1D87rXuJdxeWlOW2PVnUg+Cv1OQ
jYrX4y/bIx75OC24KLDyjqXgbfrqcnIcZNdRzpXlyXfDqwTJ1HufmHTU1Jk5PCYv
cSki0EAGW4TgocbU+Srxkn3zKC6aC/MI7ElI43qNFtwTLO9iJV/pxVWdh3nB8HPJ
4fopm7kfBsyFwLZapLPfmhJLfw/duxCnUA/a4XZrllF1fEUEr+ZjLBQ0PkXEpdIF
ko28g6rb/Lrx+6pw7Rnqwvgch5kkhKmwg+0V3mPVghH56Uyw9azVZxnTC6pEtlkF
c3FUOcKFYu0O8Iw2gbLNyMH/g1ECpZF9CsJCVeitW5q/+RaXxIhSVQXt/PEO+DX3
b2p7pOSYSQ5pK0C0tIbMF9Lyf3IB6rnRaVjtWA3E5A/lS9FydThLL0fsDMhgUMuo
Ho4dt3rTYO18FOGJWmu/cpg7V331cVKHWOq0kEO9eXlnWaFc8SYnbMTkaoJovSxn
BxWtusBkg9IAQytvJg9Znt1mfl0K+THqR+JxFA5VFBpD0zjqUsqo9v5VT6mmbt3m
zY4eLIb8ZsJ5skXrvphG3gFN4fsRaHkLmfvOUKEss/BAk3s9F7SaKyTi20hGpHJ/
tilrw7GH8NUP/2GFBxF5lFoea1xipEQ7eF/wD9QQiVw8xN1h+ET/4PkL/jFXeRM1
vTNwP2rfM1uLbgUPRbXH+qgE3W6ajJJ8qYWt4E3yCyfgS4MTb99AChywvPDMcMPa
VvfRWuCI0ObXgIbJ9vOTteVbfkIc6OlfeQdZ9u4EBxRIMqAUUd0NmsDI6xgBF4ux
uM+TYqssU3pvWW3blXkroVXOFqmiRy1SuXTAjCY72MFM2Co24EJTcLX++7wgqoSn
BE/tIpaogZFn9Hvx3e9ktXKeS39o46yilt05i4dYtkKqxDMjH0LVx/q2dhciusYn
UVkBirAdCIi62eDndRjfQtihxfBIMPAFNK3mLGjl5S9yr4OmZxIk8n8VuiJQR6Ua
ye5iNIjGW1dLMcbcfjOaq6BJm09AUKcXBGYQM54HwhAKSRVbKxIi/cjMdIO+UQxu
9WJDkn/JCSdBSTtxr4JLHa+n/n8q/Kwj40tpqgW46UYrhNiT6rK6vLuoEu1GvJgN
7LP14lmlkNj3SlTp7T2lHbtQDmYwij05/yzfjQnOn8+H5GSOyNSuLUIcr2hXZrye
bx+DP9H89QaLRHV70VQDUb1GheF+CTwfTL94ei+SIIse4Xf6piKZNj8w/SR0Vg57
rn052TVNA4FTTsllZnj6VHVhl2/eVRQdlr6BZ60ykvmZ/QlimVaErFft
=felj
-----END PGP SIGNATURE-----

--iV31z1fZ.5XiMkIG0nnxfhpcRy8C.PaU--