On Mon, Oct 24, 2005 at 12:11:08PM -0400, Derek Martin wrote: > On Mon, Oct 24, 2005 at 11:53:52AM -0400, David Shaw wrote: > > I think it's possible to invest a lot of effort into the whole secure > > memory question. It's a real issue, to be sure, but how relevant is > > it to most people? For example, it's possible for an attacker with > > root access to sniff out a passphrase from swap... but really, if an > > attacker had root access, the game was already lost. > > I believe this is very much not the case with regard to one's personal > security and encrypted files. My understanding is that even if the > attacker has the user's private key, it is next to useless unless they > also have the passphrase. Brute force passphrase attacks are > exceedingly difficult to effect, making them prohibitive for most, if > not all attackers. Note that this also assumes that the user does not allow mutt to remember the passphrase, and that mutt erases the data from memory when it "forgets" the passphrase. Otherwise an attacker with root could obtain it from mutt's image in memory... -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Attachment:
pgpJd1qWSfY5H.pgp
Description: PGP signature