1996-12-19 - passphrase protection (was: Re: [PGP-USERS] Security LeakPrograms)

Header Data

From: Dave Del Torto <ddt@pgp.com>
To: taoboy <taoboy@sprynet.com>
Message Hash: 0c2c469806215d703ef45f966b516ac43a9b470d05248725685168960d476334
Message ID: <v03100b23aede9b8d556d@[204.179.135.28]>
Reply To: <199612150251.SAA14543@m9.sprynet.com>
UTC Datetime: 1996-12-19 17:07:32 UTC
Raw Date: Thu, 19 Dec 1996 09:07:32 -0800 (PST)

Raw message

From: Dave Del Torto <ddt@pgp.com>
Date: Thu, 19 Dec 1996 09:07:32 -0800 (PST)
To: taoboy <taoboy@sprynet.com>
Subject: passphrase protection (was: Re: [PGP-USERS] Security LeakPrograms)
In-Reply-To: <199612150251.SAA14543@m9.sprynet.com>
Message-ID: <v03100b23aede9b8d556d@[204.179.135.28]>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Boundary..3949.1071713653.multipart/signed"

--Boundary..3949.1071713653.multipart/signed
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

In Reply to the Message wherein it was written:

>I have just in the last few minutes realized how I need to bring attention
>to the security level of my own computer or PGP means NOTHING in terms of
>protection.

Indeed, Floyd: the dirty little secret is that passphrase protection is a more serious weakness than almost any other factor. I don't just mean dictionary attacks: those are way too expensive if you can just grab a text stream saved to an invisible file on an unsuspecting user's net-accessible machine. The new generation of PGP software (3.x) includes several new prompts/enhancements to the passphrase entry process: perhaps subsequent releases could take those even further into the realm of system-level monitoring.

>PZ writes in the manual about the inability to fully wipe, etc.
>when using virtual memory but this problem I just encountered in security
>goes beyond that, I believe.
>I have been installing a Macintosh program, FileGuard, which adds several
>levels of security. I knew about and had used the invisible extension
>HiddenOasis that saves EVERY keystroke made on the machine.

I started doing an informal survey of all key capture utilities (on all platforms) a couple of years back, but there were so few utilities publicly available back then, very few respondents came back at me with items to list.

It occurred to me then that if there _were_ persons trying to grab passphrases from an individual's machine, it would be a significant advantage to have "invisible" keystroke monitors and for all knowledge of the existence of such utilities to remain a closely-guarded secret (from, say, the laptop of an FBI counter-intelligence instructor suspected of selling secrets to foreign agents for a few hundred thousand dollars, or something improbable like that). However, it's not the "good guys" we mainly need to be concerned with: there is a great deal of industrial espionage that needs some sunshine. The viability of personal privacy software in the marketplace is threatened if such utilities spread: as a responsible company protecting both the public's interest and our own company's survival, we need to plan for very sophisticated passphrase attacks and constantly educate users about this danger.

That having been said, this invisible "HiddenOasis" item you mention is a new one to me: I'd like a copy to test in our lab and my interest in hearing about everyone's favorite keycapture utility is rekindled. Maybe my boss will let me devote, oh, about 0.73% of my time to this. ;)

PGP's engineers have already spec'ed out some good defenses against subtle attacks like ion migration (memory burn-in), and with everyone's help (we can't watch every security leak, that's why we need you guys!), we can continue to work up defenses against such wee beasties. Any whistleblowers are also invited to drop a dime: my public key is widely available (even clickable) through the header URL above and we still have anonymous remailers in this country. Nudge-nudge, say no more, etc.

[elided]
>To my surprise as I set user priveledges with FileGuard, I saw a previously
>unnoticed folder far from my root directory called, "Ghostwriter."

This gives new meaning to the term "spook"...

>I rummaged through it and many, most of the files therein (900k of files)
>showed various passwords I had consdered absolutely uncompromised in
>plaintext.

It's quite a shocking feeling to realize what defaults are built into some popular commercial apps, isn't it?  :/  You don't often see "insignificant" items like this get mentioned in any popular reviews either. It could be that even more users out there are ignorant of this issue than there are sysadmins who haven't read up on the SYN attack.

>It turns out that the spell-check program, SpellCatcher  [elided]  created
>these files which (from the manual), "For the Ghostwriter feature, Spell
>Catcher saves a continuous stream of keystrokes to a text file inside the
>SPEL CATCHER FOLDER." The manual does mention disabling Ghostwriter before
>typing a "sensitive password." But offers no way to PERMANENTLY shut this
>feature OFF.   [elided]

If confirmed, this is an absolutely unconscionable design flaw, IMHO.

Anyone who has a specific comment (include URLs if possible), please mail me and put "passphrase protection" somewhere in the subject line.
<"mailto:ddt@pgp.com?subject=passphrase protection">
I'll collect them, filter to our engineers where appropriate and eventually, when we have enough for a decent matrix, I'll either post a summary on our website or write up an informational RFC.

   dave


________________________________________________________________________
Dave Del Torto                                      +1.415.524.6231  tel
Manager, Strategic Technical Evangelism             +1.415.631.0599  fax
Pretty Good Privacy, Inc.                        http://www.pgp.com  web



--Boundary..3949.1071713653.multipart/signed
Content-Type: application/octet-stream; name="pgp00000.pgp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp00000.pgp"
Content-Description: "PGP signature"

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogMi42LjMK
Q29tbWVudDogVmVyYnVtIHNhcGllbnRpIHNhdGlzIGVzdC4KCmlRQ1ZBd1VB
TXJsMitLSEJPRjlLcndEbEFRR1VlZ1ArT04zQVNPVmx4QWlPTmhjVTdpS29q
NGw5OU9JNHNoYkMKU3NoWVc4OGFoUjd0a2pXR3RHTVNRdHhXTHM2N2ZtMXBX
V2F3bmpVNWlBdEdIQVZrUG0xZ3VadENxT0NFWm1wNgpxRG9vaGFBUk1oWVlo
dGpaWTJjaUV3M3MydXZwOE43S1J4dkJ3cmpHdWdXV09YcjRzVGFRd29hT2F6
Y3dRMVhPCjVqTjBLTU40T2ZJPQo9UmxNZQotLS0tLUVORCBQR1AgU0lHTkFU
VVJFLS0tLS0K
--Boundary..3949.1071713653.multipart/signed--




Thread