From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 12 Mar 1996 19:02:09 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Remailer passphrases
Message-ID: <199603120748.XAA09989@ix14.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 08:16 PM 3/11/96 -0500, "Mark M." <markm@voicenet.com> wrote:
>On Mon, 11 Mar 1996, Gary Howland wrote:
>> The only disadvantage of this is that the remailer cannot be rebooted
>> without a passphrase being entered, but then there are ways around this
>> (entering the passphrase remotely over a secure link etc., or more
>> sophisticated 'remote authorisation' systems).
>> 
>> The advantage of this is that the password is never on the disk,
>> only in memory (which will take serious (read "expensive") to extract).
>
>I don't know that it would be that expensive.  If someone was able to gain
>root access to the system, something like "strings /dev/kmem" could narrow
>the search for the passphrase down significantly.  

Except for special multi-level secure operating systems, and maybe some
fancy capability-based systems, any operating system is going to let
some administrator poke around in memory and on the disk, and if there's
information anywhere on the machine, it can be gotten by the presevering
privileged person.  However, keeping the data off the disk is a very good
start, and RAM-grubbers are far tougher to run on good OSs than disk-grubbers.
Since the remailer has to decrypt data sent to it, it needs the password.

The alternative to keeping the data in RAM or on disk is to keep it on some
board or box hanging of a comm port or bus, such as a spare PC on RS232
running just a remailer application, or a decently self-protecting smart card
in a PCM-CIA slot.  To be really effective, it needs to be running the
remailer application as well as just crypto; otherwise it might be possible
to trick the card into decrypting arbitrary data for you or letting you
snoop the remailer.  On the other hand, if you're not that paranoid, and
just want to do crypto on a card anyway, Matt Blaze did some interesting
protocols
for fast decryption with a CPU assisting a slow smartcard; they're on 
ftp://research.att.com/dist/mab/card_cipher.ps
        M. Blaze, "High-Bandwidth Encryption with Low-Bandwidth
        Smartcards."  January 18, 1995.  PostScript pre-print, to
        appear.


>Of course one could obfuscate the passphrase by XOR'ing it with 0x80,
> but that's only security through obscurity.
You could be a bit more obscure than that if you wanted :-)
#--
#			Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...