Re: Encrypting passwords stored in memory
sci.crypt archive
From: Alan <a__l__a__n@hotmail.com>
Date: Fri Sep 23 2005 - 22:10:44 CEST

Dave Howe wrote:
> Having a fixed key *at all* is asking for someone to come along
> and disassemble the code and recover it.

Just to review the case under discussion, we are encrypting a secret held in
memory using a key that is available to the running program (whether hidden
in the executable or obtained from RNG etc). We are assuming effective
memory locking to prevent the executing program and its data from being
swapped to disk.

Suppose the attacker can obtain the encrypting key. He must also obtain the
cyphertext (encrypted secret) in order to decrypt. But since it is locked
in memory, he won't be able to find it on disk. He must be able to extract
it from memory, presumably from a residual impression in the memory chips.
Or perhaps he could attack a running system by exploiting some sort of
failure in the operating system's memory protection scheme. (Otherwise he
won't be able to decrypt even though he has the key.) And therefore he can
obtain the encrypting key, even if it was obtained from a RNG. (That key
*must* be kept in memory for future use!). Given the capabilities that
the attacker must necessarily have, the RNG adds no additional security.

So an attacker with physical possession of the computer can obtain all the
binaries involved in the system. There is no foolproof defense. All you
can do is to make his life just a little more difficult.

TCPA / TPM would very likely be a great improvement. But someone will break
that eventually. It's still information in the possession of the attacker.
If the CPU can get the information necessary to decrypt the secrets, then a
person in possession of the computer can. Perhaps the NSA has a hacked
Intel chip which exposes its registers to them as it executes... Or perhaps
Intel has one. Or some disenchanted Intel engineer. Or some Intel insider
with a recently enhanced bank account. Etc...

Bottom line, if your attacker can obtain the computer, all bets are off.

Alan
Received on Thu Sep 29 21:57:26 2005