Lev Walkin wrote:
Oliver Welter wrote:
Hello Lev,
thx for the quick answer
We use openssl to en/decrypt data with 3des - is it possible to
retrieve the used key while running a de/encryption via a memory
debugger or something similar ?
[skip]
plan for building the system for which the cost of stealing the key would be
barely more than expected damage which can possibly occur from breaking the
system. that's the golden practical rule.
yes of course - you must find the balance between paranoid and
necessary ;)
Are there any studies or test that have dealt with this issue ? That
it is theoretically possible was clear to me, the question meant if it
is "enough possible" for practical relevance - I even can hack a 3des
key in a certain amount of time - so there is of course no 100%
security...
this is very trivial. the key is contained clear-text in the memory image
of a process (/dev/mem, or whatever). To try to decrypt the data with the key,
the simplest case is a brute-force: fetch a memory region at location X,
treat it as a key, and try to decrypt an encrypted data. You certainly have
to have an algorithm to determine with high probability that decryption has
succeeded, but it is quite easy for most structured data, including audio
formats. The complexity of this task is linear with amount of process memory:
for 5 mbyte process the whole process will take certainly less than an hour
of average computer.
P.S. I am being unfair to a certain extent. Good security-conscious
programming provides several techniques to lower the window of opportunity
for the attacker to gain the access to this data. For example, it is customary
to wipe the key from the memory after it was used to encrypt the data. The
anti-swap techniques (mlockall(2)) are also widely used.
--
Lev Walkin
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
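The two mitigations named in the P.S. above (wiping the key after use and keeping it out of swap), as an added C example that is not part of the original post and not OpenSSL code. It pins only the key buffer with mlock(2) rather than the whole process with mlockall(2); `struct key_slot` and the `key_slot_*` names are hypothetical, and the key is a constructed sample.

```c
#include <string.h>
#include <sys/mman.h>
#define KEY_LEN 24 /* 3DES keying material: three 8-byte DES keys */

struct key_slot {
    unsigned char key[KEY_LEN];
    int locked; /* 1 if mlock() pinned the buffer in RAM */
};

/* Zero through a volatile pointer: a plain memset() on a buffer that is
 * never read again may be removed by the optimizer as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Pin first, then copy, so the key never sits in a swappable page.
 * Returns 1 if locked, 0 if mlock() failed (e.g. RLIMIT_MEMLOCK). */
int key_slot_load(struct key_slot *s, const unsigned char *material)
{
    s->locked = (mlock(s->key, sizeof s->key) == 0);
    memcpy(s->key, material, KEY_LEN);
    return s->locked;
}

/* Wipe before unlocking, so the page holds no key once it can be swapped. */
void key_slot_destroy(struct key_slot *s)
{
    secure_wipe(s->key, sizeof s->key);
    if (s->locked) munlock(s->key, sizeof s->key);
    s->locked = 0;
}

int key_slot_is_clear(const struct key_slot *s) /* 1 when no key byte remains */
{
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= s->key[i];
    return acc == 0;
}

int main(void)
{
    unsigned char material[KEY_LEN] = "constructed-sample-key!"; /* constructed */
    struct key_slot slot;
    key_slot_load(&slot, material);
    secure_wipe(material, sizeof material); /* staging copy is key material too */
    key_slot_destroy(&slot);                /* after the cipher call used slot.key */
    return key_slot_is_clear(&slot) ? 0 : 1;
}
```

This narrows the window in which the key is readable; while the cipher is running, the key is still present in the process image.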