-----BEGIN PGP SIGNED MESSAGE----- On Mon, 11 Mar 1996, Gary Howland wrote:
This of course assumes that the remailer runs as a process - if it doesn't then there is no reason a 'remailer helper' cannot.
The only disadvantage of this is that the remailer cannot be rebooted without a passphrase being entered, but then there are ways around this (entering the passphrase remotely over a secure link etc., or more sophisticated 'remote authorisation' systems).
The advantage of this is that the password is never on the disk, only in memory (which will take serious (read "expensive") to extract).
I don't know that it would be that expensive. If someone was able to gain root access to the system, something like "strings /dev/kmem" could narrow the search for the passphrase down significantly. Of course one could obfuscate the passphrase by XOR'ing it with 0x80, but that's only security through obscrurity. - --Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xf9b22ba5 http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5 "The concept of normalcy is just a conspiracy of the majority" -me -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMUTQWrZc+sv5siulAQFH4wP/YOY0gxwW/F4+D/kt8cXw47XhldBfd8bK 9jM50XoZLOv9QHs6udtmIro1+2Dkb8eZz8HBn4gn+CVAIqso10LvevGXe8TpZ96p iO/XRm3LDpkdrt6mHoCC/J679hQ5nJgB0PThsBNl8MpW5mZMF5kZp9RWTosVsY3N FKGVQQSQ0VA= =UiDo -----END PGP SIGNATURE-----