RE: PGP scripting...

From: Keith Smith (keith.smith@keiths-place.com)
Date: Tue Jan 07 2003 - 15:29:08 PST

  • Next message: Marcin Owsiany: "Re: PGP scripting..."

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    > Detailed answer:  If the system is compromised, they have all 
    > the data they need to get all the data.
    > [snip]
    > Also, remember that if the system is compromised, you can 
    > probably get a lot of cool info via a 'strings /dev/kmem' or 
    > similar....
    
    True, but remember that there is a big difference between getting user access to some files, and root access to /dev/kmem.  Also, there is nothing that says that the passphrase has to look like a readable passphrase - if its hardly ever going to be typed in by a human then it might as well be something that doesn't look like one in a strings output.
    
    I think that client is probably worried about regular users that will have access to the file system, rather than a determined external hacker.  The kind of people who could easily create a script to grab any plaintext temp files, but who wouldn't have access to the source code, the passphrase, or root.  You know: regular employees.
    
    
    Regards,
    Keith.
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt
    
    iQA/AwUBPhtGpb0tREWslyrAEQJrMwCgn8nYcHSHrJoMHOtwUWhNHNrhc8sAoMSW
    kN7VFUa7JJgqyL2AH0I42Dmb
    =Qzj7
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 16:47:59 PST