cleartext SSH, Truecrypt, etc passwords in memory
Sherri Davidoff
alien at MIT.EDU
Fri Jul 25 11:28:15 EDT 2008
Hello all. During the past few months, I've been poking around Linux
memory and consistently finding cleartext login, SSH, email, IM,
Truecrypt and root passwords. I've just finished a paper which includes
detailed location and context information for each password. Given the
recent buzz about cold boot memory dumping, it seems the risk associated
with cleartext passwords in memory has increased.
You can find the paper here:
http://philosecurity.org/research/cleartext-passwords-linux/
There are also a couple snippets of process memory up there for folks to
play with. Thought this might be of interest to folks on this list.
Sherri
--
http://philosecurity.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list