Hello Lev,
thx for the quick answer
We use openssl to en/decrypt data with 3des - is it possible to retrieve the used key while running a de/encryption via a memory debugger or something similar ?
yes.
Are there any preventions against such attacks or has noone ever thought about such an attack ?
the problem is: you cannot completely eliminate all possible ways to attack the system.
plan for building the system for which the cost of stealing the key would be
barely more than expected damage which can possibly occur from breaking the
system. that's the golden practical rule.
yes of course - you must find the balance between paranoid and necessary ;)
Are there any studies or test that have dealt with this issue ? That it is theoretically possible was clear to me, the question meant if it is "enough possible" for practical relevance - I even can hack a 3des key in a certain amount of time - so there is of course no 100% security...
TIA
Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
