[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography
Subject: Re: cleartext SSH, Truecrypt, etc passwords in memory
From: Peter Gutmann <pgut001 () cs ! auckland ! ac ! nz>
Date: 2008-07-27 18:59:57
Message-ID: 20080728065957.6tddhw0g0008co40 () webmail ! cs ! auckland ! ac ! nz
[Download RAW message or body]
Sherri Davidoff <alien@MIT.EDU> writes:
> For this paper, I specifically examined the case where memory was dumped
> while the applications were still active. The snapshots were taken up to
> 45 minutes after the passwords were entered. (See Appendix A for the
> full testing procedure.) Given that users keep applications such as
> SSH, Truecrypt, email, etc open for a significant percentage of time
> that they use their systems, I do think it's important for applications
> to zero sensitive data immediately after it is used rather than waiting
> until the process is closed.
I think it'd be good to distinguish between cases where keeping
cryptovariables around is a bug and where it's by design. For example SSL
caches the shared secret information for later use in session resumption
so finding a copy of that in memory while an SSL client or server is
running isn't a bug. Finding it after it's exited is. Even then though,
some apps include daemons that cache credentials and whatnot for ongoing
use by the app (e.g. the assorted 'xyz-agent' helpers for things like
various SSH clients or GPG) so finding the information in memory when the
app has exited but the cacheing daemon hasn't isn't necessarily a bug.
> As a next step, it would be great to follow the same procedure, but
> image all of memory after the applications have been closed.
That'd be the interesting one, because keys left lying around in memory
afterwards is definitely a sign of a problem (but be careful about the
cacheing issue mentioned above).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic