1996-12-24 - Re: [PGP-USERS] Password Keystroke Snarfer Programs (passphrase protection)

Header Data

From: Norman Hardy <norm@netcom.com>
To: Dave Del Torto <stewarts@ix.netcom.com>
Message Hash: a63ec807ab2e8d1650e384b6998010fb72ffd89aeeded0e396441817bf345ceb
Message ID: <v03007800aee4f0e21286@DialupEudora>
Reply To: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com>
UTC Datetime: 1996-12-24 03:16:45 UTC
Raw Date: Mon, 23 Dec 1996 19:16:45 -0800 (PST)

Raw message

From: Norman Hardy <norm@netcom.com>
Date: Mon, 23 Dec 1996 19:16:45 -0800 (PST)
To: Dave Del Torto <stewarts@ix.netcom.com>
Subject: Re: [PGP-USERS] Password Keystroke Snarfer Programs (passphrase protection)
In-Reply-To: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com>
Message-ID: <v03007800aee4f0e21286@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 8:45 AM -0800 12/19/96, Dave Del Torto wrote:
>At 12:25 am -0800 12/19/96, Bill Stewart wrote:
....
>>
>>Be careful - PGP goes to a lot of effort to overwrite your passphrase
>>when it's done using it; Norton or grep or other disk-crawlers are unlikely
>>to do so, because that sort of paranoia's not part of their job [elided]
>
>Indeed, and any malignant passphrase-snarfer is probably going to
>anticipate this counter-attack and scramble the text stream it saves
>invisibly so that disk sector searches will be unlikely to pop up your
>passphrase. We definitely need to build better defenses against this sort
>of thing.
>

The only way I know to solve this problem is to get a real operating system.
This excludes the Mac, DOS and its descendants.
First the kernel must be designed to prevent programs from installing
themselves wherever they wish. (Gasp, even useful programs!) Second
they must not be encumbered with piles of tools written by people with
no sense of security. Such tools are often installed with more authority
than they should require. There is a Unix system call that displays the
most recent command that any user has typed. This call is used by the
ps command to describe the origin of a task.

Perhaps NT is new enough that it hasn't gathered all of these holes.
I don't use NT so I wouldn't know.






