RE: Passphrase and swapfile (David Picón Álvarez)

Ryan Malayter rmalayter@bai.org
Thu Jun 6 21:25:01 2002


From: Leigh S. Jones, KR6X [mailto:kr6x@kr6x.com] 
>...We are talking 1Gb of swap file here.  If you find 
>a 20 character long sequence enclosed by NULL characters, 
>will you only try to use all 20 characters?  Or must you 
>try many permutations?  Perhaps the last 11 characters?
>Perhaps the last 9? ...

I don't think things would be nearly as difficult for the attacker as you imagine. If you know something about what the binary program code of the encryption application looks like, you'll be able to find that code easily. Typically, memory would be allocated in a similar fashion, virtual-address-space wise, on every run of the encryption program. The passphrase (or a pointer to it) will probably appear very near to, if not exactly on, the same set of swap pages as the encryption program code. Even if it wasn't nearby, all you would need to do is discover something about the virtual-to-physical address space mapping at run-time to figure it out.

It wouldn't be easy, of course, and you'd need a lot of expertise in the OS's memory-management, but it would be a heck of a lot easier than a brute-force search.
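The defensive counterpart to the point made above is to keep the passphrase off the swap pages in the first place, and to scrub it as soon as it has been used. The C below is an added example written for this thread; it is not code from either poster. It assumes a POSIX system with mlock() (Linux or BSD), the function and type names (pp_buf, pp_alloc, pp_wipe, printable_runs, demo) are hypothetical, and the memory image it scans is a constructed sample, not a real swap dump. The NUL-bounded printable-run scan is the same kind of check the quoted question describes, used here to verify that a wipe left nothing passphrase-like behind.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Page-aligned storage for a passphrase that we try to pin in RAM. */
typedef struct {
    unsigned char *buf;   /* page-aligned storage */
    size_t len;           /* bytes allocated, rounded up to a page */
    int locked;           /* 1 if mlock() succeeded, 0 otherwise */
} pp_buf;

/* Zero memory through a volatile pointer so the compiler cannot drop
 * the stores as dead writes once the buffer is no longer used. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Allocate whole pages for the passphrase and ask the kernel to keep
 * them resident. mlock() can fail (RLIMIT_MEMLOCK, missing privilege);
 * the buffer is still returned with locked == 0 so the caller knows
 * those pages may end up in the swap file. Returns 0 on success. */
int pp_alloc(pp_buf *b, size_t want) {
    long ps = sysconf(_SC_PAGESIZE);
    size_t page = ps > 0 ? (size_t)ps : 4096;
    size_t n = ((want + page - 1) / page) * page;
    void *p = NULL;
    if (want == 0 || posix_memalign(&p, page, n) != 0) return -1;
    memset(p, 0, n);
    b->buf = p;
    b->len = n;
    b->locked = (mlock(p, n) == 0);
    return 0;
}

/* Copy a passphrase in. Returns bytes stored, or 0 if it does not fit
 * (one byte is reserved for the terminating NUL). */
size_t pp_set(pp_buf *b, const char *pw) {
    size_t l = strlen(pw);
    if (l + 1 > b->len) return 0;
    memcpy(b->buf, pw, l + 1);
    return l;
}

/* Scrub in place. pp_free calls this, but callers should also call it
 * as soon as the key has been derived, to shorten the window in which
 * the bytes exist at all. */
void pp_wipe(pp_buf *b) {
    if (b->buf) secure_zero(b->buf, b->len);
}

void pp_free(pp_buf *b) {
    if (!b->buf) return;
    pp_wipe(b);
    if (b->locked) munlock(b->buf, b->len);
    free(b->buf);
    b->buf = NULL; b->len = 0; b->locked = 0;
}

/* 1 if every byte of the buffer is zero. */
int pp_is_clean(const pp_buf *b) {
    for (size_t i = 0; i < b->len; i++) if (b->buf[i]) return 0;
    return 1;
}

/* Count NUL-bounded runs of printable bytes of at least minlen: the
 * pattern the quoted message asks about. Over a wiped buffer the
 * answer must be 0; over a memory image it reports how many candidate
 * strings a scrubbing bug would have left behind. */
size_t printable_runs(const unsigned char *mem, size_t n, size_t minlen) {
    size_t runs = 0, cur = 0;
    for (size_t i = 0; i <= n; i++) {
        int printable = (i < n) && isprint(mem[i]);
        if (printable) { cur++; }
        else { if (cur >= minlen) runs++; cur = 0; }
    }
    return runs;
}

/* Constructed memory image (not a real dump): two long strings and one
 * short one, separated by NUL padding. */
static const unsigned char sample_image[] =
    "\0\0\0correct horse battery staple\0\0\0\0ab\0\0"
    "another-twenty-char!\0\0";

size_t sample_runs(void) {
    return printable_runs(sample_image, sizeof sample_image, 20);
}

/* Store a passphrase, confirm the scan sees it, wipe, confirm both the
 * scan and a byte check see nothing. Returns 1 if the scrub behaved. */
int demo(void) {
    pp_buf b = {0};
    if (pp_alloc(&b, 64) != 0) return 0;
    pp_set(&b, "correct horse battery staple");
    int before = printable_runs(b.buf, b.len, 20) == 1;
    pp_wipe(&b);
    int after = pp_is_clean(&b) && printable_runs(b.buf, b.len, 20) == 0;
    pp_free(&b);
    return before && after;
}
```

Two design points: the locked flag is reported rather than treated as fatal, because an mlock() failure is common under a low RLIMIT_MEMLOCK and the program should know whether its pages are swappable; and the wipe goes through a volatile pointer, since a plain memset() before free() is a dead store the optimizer is free to remove.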