[12026] in cryptography@c2.net mail archive
Re: did you really expunge that key?
daemon@ATHENA.MIT.EDU (Simon Josefsson)
Fri Nov 8 17:24:51 2002
To: "John S. Denker" <jsd@monmouth.com>
Cc: cryptography@wasabisystems.com
From: Simon Josefsson <jas@extundo.com>
Date: Fri, 08 Nov 2002 18:45:53 +0100
In-Reply-To: <3DCBC31D.2040905@monmouth.com> ("John S. Denker"'s message of
"Fri, 08 Nov 2002 08:58:53 -0500")
"John S. Denker" <jsd@monmouth.com> writes:

> 1) This topic must be taken seriously. A standard technique
> for attacking a system is to request a bunch of memory or
> disk space, leave it uninitialized, and see what you've got.

I find that this thread doesn't discuss the threat model behind
"expunging" keys, and this statement finally triggered my question.

On which systems is all this really an issue, and when? Which
operating systems "leak" memory between processes in this way? Which
operating systems swap out processes to disk that can be read by
non-privileged users? Which operating systems write core dumps that
can be read by non-privileged users? My gut feeling tells me that if
you can allocate memory on a system, there are easier ways to attack it.