[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Remailer passphrases



-----BEGIN PGP SIGNED MESSAGE-----

[email protected] writes:
On Mon, 11 Mar 1996, Gary Howland wrote:

> > This of course assumes that the remailer runs as a process - if it doesn't
> > then there is no reason a 'remailer helper' cannot.
> >
> > The only disadvantage of this is that the remailer cannot be rebooted
> > without a passphrase being entered, but then there are ways around this
> > (entering the passphrase remotely over a secure link etc., or more
> > sophisticated 'remote authorisation' systems).
> >
> > The advantage of this is that the password is never on the disk,
> > only in memory (which will take serious (read "expensive") to extract).
> 
> I don't know that it would be that expensive.  If someone was able to gain
                                                 ^^
> root access to the system, something like "strings /dev/kmem" could narrow
> the search for the passphrase down significantly.  Of course one could
> obfuscate the passphrase by XOR'ing it with 0x80, but that's only security
> through obscrurity.

Sure, _if_ they were able to gain root access without rebooting the machine,
but the usual scenario is that the filth turn up with black bin liners, not
men from the NSA.

Gary
- --
pub  1024/C001D00D 1996/01/22  Gary Howland <[email protected]>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMUVVMioZzwIn1bdtAQFFPAGAkqQFY1FRwSunSdqkvZBQx8S6BnD7UXRV
ztKYpHcCkyex8pT4jL/WqeEIGPUXfi4l
=voJ5
-----END PGP SIGNATURE-----