[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Remailer passphrases



-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Mar 1996, Gary Howland wrote:

> This of course assumes that the remailer runs as a process - if it doesn't
> then there is no reason a 'remailer helper' cannot.
> 
> The only disadvantage of this is that the remailer cannot be rebooted
> without a passphrase being entered, but then there are ways around this
> (entering the passphrase remotely over a secure link etc., or more
> sophisticated 'remote authorisation' systems).
> 
> The advantage of this is that the password is never on the disk,
> only in memory (which will take serious (read "expensive") to extract).

I don't know that it would be that expensive.  If someone was able to gain
root access to the system, something like "strings /dev/kmem" could narrow
the search for the passphrase down significantly.  Of course one could
obfuscate the passphrase by XOR'ing it with 0x80, but that's only security
through obscrurity.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected]              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUTQWrZc+sv5siulAQFH4wP/YOY0gxwW/F4+D/kt8cXw47XhldBfd8bK
9jM50XoZLOv9QHs6udtmIro1+2Dkb8eZz8HBn4gn+CVAIqso10LvevGXe8TpZ96p
iO/XRm3LDpkdrt6mHoCC/J679hQ5nJgB0PThsBNl8MpW5mZMF5kZp9RWTosVsY3N
FKGVQQSQ0VA=
=UiDo
-----END PGP SIGNATURE-----