-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Detailed answer: If the system is compromised, they have all
> the data they need to get all the data.
> [snip]
> Also, remember that if the system is compromised, you can
> probably get a lot of cool info via a 'strings /dev/kmem' or
> similar....

True, but remember that there is a big difference between getting user access to some files, and root access to /dev/kmem. Also, there is nothing that says that the passphrase has to look like a readable passphrase - if it's hardly ever going to be typed in by a human then it might as well be something that doesn't look like one in a strings output.

I think that client is probably worried about regular users that will have access to the file system, rather than a determined external hacker. The kind of people who could easily create a script to grab any plaintext temp files, but who wouldn't have access to the source code, the passphrase, or root. You know: regular employees.

Regards,
Keith.

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt

iQA/AwUBPhtGpb0tREWslyrAEQJrMwCgn8nYcHSHrJoMHOtwUWhNHNrhc8sAoMSW
kN7VFUa7JJgqyL2AH0I42Dmb
=Qzj7
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 16:47:59 PST