Re: PGP scripting...

From: Valdis.Kletnieksat_private
Date: Fri Jan 10 2003 - 11:31:54 PST

  • Next message: Jason Coombs: "RE: PGP scripting..."

    On Fri, 10 Jan 2003 13:45:07 EST, Andrew MacKenzie <andyat_private>  said:
    
    > If the passphrase were to be entered by hand, say at boot time or some
    > such, would the security gain be much greater (depending on the strength of
    > the passphrase of course)?  Is a brute force attack on the passphrase the
    > only reasonably possible means by which one can decrypt the data?
    
    This will close the problem of recovering a ready-to-use key from some
    server.conf file on disk.  This will almost certainly stop Joe ScriptKid,
    and put a severe crimp in the plans of most inside attackers.
    
    However, there's still holes here - if the attacker gets access to the server's
    UID, they can do something like:
    
    % gdb your.server -p NNNNN    (or whatever flags your debugger uses)
    gdb> print *pgpkey
    <lots of output skipped>.
    and then use that to reconstruct the key.
    
    Removing gdb doesn't help much, as the attacker can still run custom code
    that can use ptrace() and friends.  If they break root (or whatever is needed
    to read /dev/kmem and /dev/swap) they can go scavenging there....
    
    The important question is, of course, what you assess the chances that you
    will have a motivated attacker of that caliber targeting you.  And only your
    site can evaluate what they think the risk model should be...
    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jan 10 2003 - 11:35:07 PST