Robert J. Hansen
rjh at sixdemonbag.org
Thu Oct 16 21:15:55 CEST 2014
> I have a program. It's written in C. I intend to distribute it, in
> binary form only, to other sites. I do not and will not control how
> any of the local disks are configured at those other sites.
The question then becomes, "who are you securing this data against?" If
your goal is to keep data on someone else's computer in a form that they
can't read, you should be advised going in that it's a fool's errand.
Can't be done.
As an example of how it can be foiled: while your program is running,
tell the computer to hibernate. It writes a memory image to disk. Load
the memory image into a tool like Volatility and start searching through
memory looking for AES key schedules. There won't be more than a
handful of them. Recreate the key from the key schedules and bam,
you've got the original key and can read/write this data stream at-will.
This is not an abstract or theoretical thing. This is real. I've done
it. If you're interested in reading more, check out "The Persistence of
Memory: Forensic Identification and Extraction of Cryptographic Keys."
It was presented at DFRWS back in '09, and is available online at:
It's a good read, including a footnote where they talk about how they
managed to break PGP 8 this way.
> There *are* simple solutions to this rather trivial and common problem.
If you're doing what I suspect you're doing, there really aren't any.
There are a lot of techniques that don't work at all, and of those some
are simple, and a lot of people use them without knowing that they don't
work, instead believing that everything's going swimmingly because they
don't, themselves, know how to break it.
> I should say that it seems to me rather entirely bizarre, perplexing,
> and downright silly that *somebody* went to the trouble to write a
> detailed, 134 page (PDF) manual for the library, and yet prospective
> users of the library, such as myself, cannot find even a single modest,
> real-world example of how to use the bloody thing.
The manual is sufficient for its intended audience. Crypto has a steep
learning curve and no one manual can reach all audiences. Some crypto
libraries are meant for people who don't care about the difference
between CBC mode and Galois Counter Mode; others are meant for people
who care quite a lot. Libgcrypt is in the latter category.
I'm sorry if you find the libgcrypt manual to be of no use, but if it's
of no use, please consider the possibility that you are not libgcrypt's
intended audience. That's no slight on you, on your coding ability, or
your professionalism. I'm a highly-skilled data forensics nerd, but
when I have to do digital signal processing my eyes glaze over when the
A/V nerds start talking about how the butterfly interleave of the fast
Fourier transform is fundamentally and deeply connected to the roots of
unity. There's no shame in not knowing everything, because really, how
could anyone be expected to?
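The search described in the reply above (hibernate, then comb the memory image for AES key schedules and rebuild the key from them), written out as an added example. This is not code from the post, from Volatility, or from libgcrypt; the function names (find_aes128_keys, build_sample_image) are my own, and the "memory image" is a constructed byte string with two complete AES-128 schedules planted in seeded pseudo-random filler, standing in for a real hibernation file.

```python
"""Scan a memory image for expanded AES-128 key schedules.

Added example, not from the mailing-list post or from libgcrypt: it recovers
the key from the round keys an AES implementation leaves in RAM, which is the
search the post describes running over a hibernation file.
"""
import random

AES_POLY = 0x1B  # low byte of the AES reduction polynomial x^8+x^4+x^3+x+1


def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) as AES defines it."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return p


def build_sbox() -> list:
    """Derive the AES S-box: inverse in GF(2^8), then the affine map.

    x^254 is the inverse for x != 0 and evaluates to 0 for x == 0, which is
    exactly the AES convention, so no special case is needed.
    """
    sbox = []
    for x in range(256):
        inv, base, e = 1, x, 254
        while e:
            if e & 1:
                inv = gmul(inv, base)
            base = gmul(base, base)
            e >>= 1
        s = inv
        for r in range(1, 5):  # xor with the four left rotations
            s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()
SCHEDULE_LEN = 176  # 11 round keys of 16 bytes for AES-128


def expand_key(key: bytes, rounds: int = 10) -> bytes:
    """FIPS-197 key expansion for AES-128; returns (rounds + 1) * 16 bytes."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 4 * (rounds + 1)):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])  # RotWord, then SubWord
            t = bytes([t[0] ^ rcon]) + t[1:]
            rcon = gmul(rcon, 2)
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def find_aes128_keys(image: bytes, step: int = 1) -> list:
    """Return (offset, key) for every expanded AES-128 schedule found in image.

    Each 16-byte window is treated as a candidate key. If the 16 bytes that
    follow equal the round-1 key derived from it, the full 176-byte schedule
    is recomputed and compared. Random data fails the cheap check almost
    always, so the full comparison only runs on real schedules. step=1
    because nothing forces an implementation to align its schedule.
    """
    hits = []
    for off in range(0, len(image) - SCHEDULE_LEN + 1, step):
        cand = image[off:off + 16]
        if expand_key(cand, rounds=1) != image[off:off + 32]:
            continue
        if expand_key(cand) == image[off:off + SCHEDULE_LEN]:
            hits.append((off, cand))
    return hits


FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 key
SECOND_KEY = bytes(range(16))  # 00 01 02 ... 0f


def build_sample_image() -> bytes:
    """Constructed stand-in for a hibernation file: seeded pseudo-random
    filler with two complete key schedules planted at offsets 3000 and 4676."""
    rng = random.Random(2014)

    def filler(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    return (filler(3000) + expand_key(FIPS_KEY)
            + filler(1500) + expand_key(SECOND_KEY) + filler(500))


if __name__ == "__main__":
    for off, key in find_aes128_keys(build_sample_image()):
        print(f"AES-128 key schedule at offset {off:#x}: key {key.hex()}")
```

To run this over a real image, replace build_sample_image() with the file's contents (read it in overlapping chunks of at least 176 bytes if it is large). Two caveats a practitioner should keep in mind: the matcher above only recognises the encryption schedule laid out in FIPS-197 order, so an implementation that keeps only the decryption schedule (round keys reversed, with InvMixColumns applied to the middle ones) or stores round keys in some other layout needs its own comparison written the same way; and AES-192/256 schedules are longer and use a different expansion, so each key size is a separate scan. None of that changes the point of the post: the key has to exist in memory in some derivable form for the program to work, and the scan is cheap relative to what it yields.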