[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PGP-USERS] Password Keystroke Snarfer Programs (passphraseprotection)
At 12:25 am -0800 12/19/96, Bill Stewart wrote:
>Several articles on the PGP-users mailing list have discussed
>keystroke snarfers that unexpectedly grab and save keystrokes,
>including passwords, severely weakening any benefits from encryption.
[elided]
>From: [email protected] (Pat McCotter)
>>Which is why, every once in a while, I do a search of my entire disk [...]
>>with Norton DiskEditor. [elided]
>
>Be careful - PGP goes to a lot of effort to overwrite your passphrase
>when it's done using it; Norton or grep or other disk-crawlers are unlikely
>to do so, because that sort of paranoia's not part of their job [elided]
Indeed, and any malignant passphrase-snarfer is probably going to
anticipate this counter-attack and scramble the text stream it saves
invisibly so that disk sector searches will be unlikely to pop up your
passphrase. We definitely need to build better defenses against this sort
of thing.
dave
________________________________________________________________________
Dave Del Torto +1.415.524.6231 tel
Manager, Strategic Technical Evangelism +1.415.631.0599 fax
Pretty Good Privacy, Inc. http://www.pgp.com web