Re: (Fwd) Gov't run anon servers
Right. Couldn't you insert some kind of var into the kernel, rebuild and upon each reboot have the remailer process (which would have to be root owned) check for the value of this? I am of course assuming that the owner of the remailer has admin control over the box, which is kind of unscalable. If someone does gain entry to the machine, he'd need root to skim through the kernel memory, and since he wouldn't have access to the remailer src (you don't have it online, right?) he'd have a hard time looking for what he needed...
I was thinking of something much simpler, eg.:

    % remailer
    Enter passphrase: xxx
    Remailer started ...
    %

This of course assumes that the remailer runs as a process - if it doesn't then there is no reason a 'remailer helper' cannot.

The only disadvantage of this is that the remailer cannot be rebooted without a passphrase being entered, but then there are ways around this (entering the passphrase remotely over a secure link etc., or more sophisticated 'remote authorisation' systems).

The advantage of this is that the password is never on the disk, only in memory (which will take serious (read "expensive") to extract).

I am amazed at all of the talk of smart cards etc., when all that is really needed is a password entered at boot time.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <gary@kampai.euronet.nl>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
On Mon, 11 Mar 1996, Gary Howland wrote:

> This of course assumes that the remailer runs as a process - if it doesn't then there is no reason a 'remailer helper' cannot.
>
> The only disadvantage of this is that the remailer cannot be rebooted without a passphrase being entered, but then there are ways around this (entering the passphrase remotely over a secure link etc., or more sophisticated 'remote authorisation' systems).
>
> The advantage of this is that the password is never on the disk, only in memory (which will take serious (read "expensive") to extract).

I don't know that it would be that expensive. If someone was able to gain root access to the system, something like "strings /dev/kmem" could narrow the search for the passphrase down significantly. Of course one could obfuscate the passphrase by XOR'ing it with 0x80, but that's only security through obscurity.

--Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me
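Added example, not part of either post: a small C model of the point about "strings" and XOR 0x80, run over a constructed 64-byte buffer standing in for process memory. The function names, the sample passphrase and the buffer layout are assumptions made for the illustration; it shows that the XOR only hides the passphrase from a printable-text scan until the same XOR is applied again, while overwriting the buffer actually removes it.

```c
#include <stdio.h>
#include <string.h>
#define MIN_RUN 4 /* shortest printable run reported, the strings(1) default */

/* Return 1 if needle lies inside a printable-ASCII run of >= MIN_RUN bytes,
 * i.e. a strings-style pass over this memory would print it. */
static int strings_finds(const unsigned char *mem, size_t len, const char *needle)
{
    size_t nlen = strlen(needle), start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && mem[i] >= 0x20 && mem[i] <= 0x7e)
            continue;                     /* still inside a printable run */
        if (i - start >= MIN_RUN)         /* run [start, i) has just ended */
            for (size_t j = start; j + nlen <= i; j++)
                if (memcmp(mem + j, needle, nlen) == 0)
                    return 1;
        start = i + 1;
    }
    return 0;
}

static void xor_buf(unsigned char *mem, size_t len, unsigned char key)
{
    for (size_t i = 0; i < len; i++) mem[i] ^= key;
}

/* Zero through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}

int main(void)
{
    const char *pass = "correct horse";   /* constructed sample passphrase */
    unsigned char image[64];              /* constructed stand-in for memory */
    size_t n = strlen(pass);
    memset(image, 0x01, sizeof image);    /* non-text filler around the secret */
    memcpy(image + 20, pass, n);
    printf("plaintext in memory : %d\n", strings_finds(image, sizeof image, pass));
    xor_buf(image + 20, n, 0x80);         /* the XOR 0x80 obfuscation */
    printf("after XOR 0x80      : %d\n", strings_finds(image, sizeof image, pass));
    xor_buf(image, sizeof image, 0x80);   /* the same XOR over everything undoes it */
    printf("whole image XOR 0x80: %d\n", strings_finds(image, sizeof image, pass));
    wipe(image, sizeof image);
    printf("after wipe          : %d\n", strings_finds(image, sizeof image, pass));
    return 0;
}
```

Wiping only helps for a copy the process no longer needs; whatever secret the running remailer keeps using has to stay in memory in some form.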
Participants (2): Gary Howland, Mark M.