I think I read something that may help you in the article "Playing hide and seek with stored keys" by Adi Shamir and Nicko van Someren. The abstract:
"In this paper we consider the problem of efficiently locating cryptographic keys hidden in gigabytes of data, such as the complete file system of a typical PC. We describe efficient algebraic attacks which can locate secret RSA keys in long bit strings, and more general statistical attacks which can find arbitrary cryptographic keys embedded in large programs. These techniques can be used to apply lunchtime attacks on signature keys used by financial institutes, or to defeat authenticode type mechanisms in software packages. Keywords: Cryptanalysis, lunchtime attacks, RSA, authenticode, key hiding." True it is focus on finding key metarial of filesystems, but nevertheles, it should be a valid approach for memory dumps. You can download it from www.ncipher.com after registration. Hope it helps. ============================================ Roberto López Navarro Consultor Preventa [mailto:[EMAIL PROTECTED] Tfno: +34 91 806 16 00 Fax: +34 91 806 16 99 SGI Soluciones Globales Internet S.A. [http://www.sgi.es] Isaac Newton nº 11 Tres Cantos (Madrid) 28760 Spain ============================================ Secure e-Solutions ============================================ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Welter Sent: viernes, 23 de julio de 2004 8:42 To: [EMAIL PROTECTED] Subject: key compromise with memory debugger possilbe ? Hello List, As I am new here I frist want to introduce myself - I am a scientific employee at Technische Universitaet Muenchen and we do some research on DRM related security mechanisms. We made a concept for a secure media player and now try to attack it - the openssl related question is: We use openssl to en/decrypt data with 3des - is it possible to retrieve the used key while running a de/encryption via a memory debugger or something similar ? Are there any preventions against such attacks or has noone ever thought about such an attack ? I would appreciate any hints on related studys, documents, etc... best regards Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]