The following reply was made to PR mutt/580; it has been noted by GNATS. From: TAKAHASHI Tamotsu <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Subject: Re: mutt/580: mutt stores PGP passphrase insecurely Date: Mon, 24 Oct 2005 23:13:49 +0900
* Sun Oct 9 2005 Derek Martin <[EMAIL PROTECTED]> > On Fri, Oct 07, 2005 at 02:42:51PM +0200, Thomas Roessler wrote: > > On 2005-10-07 04:35:02 +0200, Derek Martin wrote: > > > Admittedly this is not a severe issue, but it is a legitimate > > > security concern. I think this really ought to be re-opened. > > > > I disagree, unless someone can actually demonstrate (a) a realistic > > attack model against which mutt is vulnerable, and (b) a defense > > against this attack model that could be implemented. > Still, I'd like to hear what others with more experience than I have > to say about this issue. I don't think both (a) and (b) are satisfied. But I want to share the result of my experiment. I did: 0: run mutt and decrypt a PGP message. 1: run another mutt and decrypt the same PGP message. 2: run a script which uses a lot of memory. 3: (as root) cat /dev/hda3 (my swap) | strings | grep -5 "some-of-my-passwd" | tee /tmp/pgppasswd.txt 4: reboot without swap 5: (as root) cat /dev/hda3 | strings | grep -5 "some-of-my-passwd" | tee /tmp/pgppasswd.2.txt pgppasswd.txt: ========================================= PGP message successfully decrypted. ]9;1130148457 mutt mutt /home/tamo/.mutt/pgp <password> /home/tamo/.terminfo [%i%p1%d;%p2%dr [%i%p1%dG [%i%p1%d;%p2%dH [?25l -- ja_JP.EUC-JP ja_JP.EUC-JP mutt ja_JP.EUC-JP /home/tamo/.mutt/pgp <password> /usr/lib/gconv/EUC-JP.so /usr/lib/gconv/EUC-JP.so /usr/lib/gconv/EUC-JP.so /usr/lib/gconv EUC-JP.so ========================================= pgppasswd.2.txt: ========================================= 1234567890 1234567890 1234567890 1234567890 1234567890 <password> /home/tamo/.terminfo [%i%p1%d;%p2%dr [%i%p1%dG [%i%p1%d;%p2%dH [?25l -- charset iso-2022-jp x-action pgp-encrypted plain <password> /usr/lib/gconv/EUC-JP.so /usr/lib/gconv/EUC-JP.so /usr/lib/gconv/EUC-JP.so /usr/lib/gconv EUC-JP.so ========================================= So, if the machine you are running mutt is stolen, the disc may contain your plain passphrase. Is this realistic? I don't know. But it was so easy that I could demonstrate. If the thief knows a part of your passphrase, he can grep it like I did. -- tamo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
