Slashdot Mirror
Passwords Can Sit on Hard Disks for Years
CygnusXII writes ""As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security." "
The project was written in C++. We started out using a custom string class that performed its own memory management (with zeroing the buffer on deallocation), but then promptly ran into problems with the STL. We wound up writing a memory allocator that also cleans up after itself. Those two solutions took care of the vast majority of the data leakage "problem" -- the only thing left was reinitializing stack variables within functions.
The same customer actually requested this first. The problems associated with it were were terrible, especially in a multithreaded application. Plus, performance basically sucked. Wiping the data afterwards seemed to have the same end result, the performance was still good, and the customer was happy.BTW, the memory allocator and string class both made their way into the company's downloadable core library (MIT license).
Ah, funny this story was posted--I just had to address this issue the other day. I run Mac OS X and I happened to be doing a fresh install, moving all my data over from an old HD. Before this, I had always stored my slew of account info in a text file in an obscure and unlabeled file (I know, I know--very careless of me--that's way I was ready to change my ways!).
Mac OS X's built-in "Keychain" services/util isn't streamlined for repeated user use, not to mention it doesn't have several auxiliary/free-form fields (that are also fully encrypted with the password field). After some research and trying a few of the freeware and shareware apps out there, I came across Pastor, a freeware, super-lightweight and user-friendly app that basically lets you maintain a catalog of username, pass, and about 6 auxiliary fields, stored in an encrypted file (when you go to open a file, it prompts you for the password and decodes it on the fly). If for some reason you don't dig this particular app, there's a couple others like it as well with increasingly levels of features (I happen to prefer lightweight).
So I went w/ this model and it's had great payoffs--when I need a particular login, I click on an alias to my main password (Pastor) file, enter the file's password to decrypt it, look for what I need (it alphabetizes), and I'm all set--meanwhile, there's absolutely no risk of security--I love it.
G-Force music visualization
One thing that worries me is sending machines away to get repaired.
I have a Sony Vaio laptop which I had to send to be repaired. I phoned the support number to tell them I was going to take the hard disc out before sending it. They said that if I did I would be charged for a new hard disc (at a hugely inflated price) and they wouldn't repair it without one.
I once sent a PC for repair and the teenage dork who repaired it actually said I had some great games on my machine and that he had played them. In another case in the UK, some padeophile was caught (was it Garry Glitter?) when he sent his PC in for repair. Now, I'm all for catching kiddie fiddlers, but that is not the way to do it.
I don't want the repair staff looking through the stuff on my hard disc. There should be a standard industry guarantee that this won't happen, or a privacy law about it or something.
When I read the headline, I was alarmed. But
and keep your goatsex links and pictures confidential.
then I read the article, and all my worries went away.
I encrypt my swap partition, and that fixes the problem.
It's not hard, and since it's swap (i.e., data
you don't need for very long), you don't even need
to remember a password (your computer uses a random
one every time is sets up the swap). Really, it's
pretty easy -- see the HOWTO at http://www.tldp.org/HOWTO/Disk-Encryption-HOWTO/
----- Why sig when you can sign? PGP key id 7675D05E
Yep. From MSDN: "The VirtualLock function enables a process to lock one or more pages of committed memory into physical memory (RAM), preventing the system from swapping the pages out to the paging file"
2) To delete things properly, turn off paging and disk caching, reboot, then run something like Mutilate to fill all the unused disk space with rubbish. Remember to turn paging and caching back on afterwards or performance will be slooooow.
3) If you're disposing of a PC and you want to sell it with the HDD, it's usually easiest to reformat the HDD in another PC (as a slave) then run a file wiper as above.
4) Running a good file wiper once is perfectly adequate. Physical data recovery techniques using misaligned drive heads to pick up "ghost" images may or may not exist (hence the occasional recommendation to wipe 9 times) but the cost of doing so is so high that it would have to be a matter of national security. Commercial data recovery/forensic services do NOT use physical recovery techniques, they just go for deleted files and slack space.
When I am king, you will be first against the wall.
The article does go into a bit more detail than that... They use a program called TaintBochs (probably hacked from the open source emulater Bochs) to track sensitive data and find out where exactly it goes and how long it's there. This sounds to me like a nifty hack, and they're actually doing research to come up with quantitative results on how long data sticks around, instead of just saying, "Um, yeah, stuff gets swapped out."
Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
SYNOPSIS
#include
int mlock(const void *addr, size_t len);
DESCRIPTION
mlock disables paging for the memory in the range starting at addr with length len bytes.
OpenSSH uses paging protection. It also zeroes out the password in memory. Immediately upon hashing it. I've seen the code.
Authors are at Stanford? Paper at USENIX? Can't believe this shit.
The problem of swap containing sensitive data from running programs was addressed some time ago by OpenBSD. They generate a random key at boot time and use it to encrypt reads and writes to swap. By definition, you are not interested in the contents of swap the next time you boot up, so you can start with a brand new key. Not only is swap space secure against fishing expeditions like in TFA, but it's also secure against someone getting read privileges on the raw disk (unless they also get permissions on kernel memory and can go look up the key).
Too bad more systems don't embrace the idea.
Umm, no.
/etc/sysctl.conf
vm.swapencrypt.enable is set to 0 (zero) by default, take a look at your
Funny... gator...
Here's another excellent password utility, from Bruce Schneier called Password Safe, which stores the passwords in a file and uses Blowfish to encrypt it. Very lightweight (requires only the executable -- no installation) but has the features everybody needs.
Even if you aren't running Windows, other OSes like OS/2 will recreate a fresh pagefile on every boot.
Gamingmuseum.com: Give your 3D accelerator a rest.
The problem of password retention on swap partitions has been known for years. OpenBSD, for example, automatically encrypts the swap partition with rotating keys so that information becomes automatically when it gets stale, i.e. even before reboot. There is a paper on this called Encrypting Virtual Memory. Makes for an interesting read.
for windows users, specifically:
:)
1) Install Mozilla and use that as your default browser. IE is a huge security hole, and should only be used for windows update.
2) Don't download those free screensavers, or other neat little toys, that you find all over the web. You really don't need them, and most of them come with adware, spyware, or worse. If you must download free stuff, take extra steps to learn what they come with, such as reading the EULA and user feedback. If you have no means of finding this out, then just say "no."
3) Don't install browser toolbars. Install as few browser plugins as possible, and try to keep them to the list of generally trusted plugins (shock, flash, quicktime, java).
4) Don't click on banner ads, pop up ads, or anything that says you have won something or can get something for free.
5) Delete spam and do not respond to it (don't bother to unsubscribe).
Knoppix doesn't touch the hard drive at all, that is the whole point of a live CD, so no it doesn't use any swap
Snowden and Manning are heroes.
Actually, you only need to overwrite once to make it invisible to the computer over the IDE cable.
There ARE methods to get data off of a hard drive platter that has been overwritten only once, but this requires the hard drive to be removed from the computer and physicly disassembled, and is quite expensive.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
look in their bash (or tcsh or whatever their fav flavor is) history.
Seriously. Have you ever accidentally typed your password instead of your username? Grep your history for your password and see what you find.
"Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive."
Incorrect. Set the page file to 0 and watch Win2000/03 run dog slow. Or, configure Win2000/03 to erase its page file when the computer shuts down.
http://msdn.microsoft.com/library/default.asp?url= /library/en-us/gp/567.asp
Is this new news? Maybe to some. However, the problem with many of these new Microsoft engineers is that they do not read the manual or pay attention during the MCSE courses.
My two cents (and yes, I am an MCSE).
Whenever I am programming an encryption program or something that needs to be secure, I use a bit eraser algorithm that is modeled after one presented in th book "Secure Programming in C and C++" (very good book btw. Very Practical) I am surprised no one has written open source for a cron job that does the same thing.
Despite the FUD TV ads the credit-card companies want you to believe, THERE ARE NO OTHER KINDS OF CREDIT CARDS IN THE USA. It is federal law that you cannot be held liable for unauthorized charges on your credit card. Actually, I believe you may be required to pay up to $50, but that is really a trivial ammount.
So, don't believe the hype.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Altough this might sound like an ad (it is not - it is not commercial) one might take a look at 'libsd': libsd makes ALL applications on your system do a secure delete without changing a single line of code.
It does this by intercepting calls like 'unlink' (delete files) and 'truncate': before deleting or truncating a file, the previous contents is first overwritten with garbage which is forced to disk.
So if you use this library and you delete a file with a password in it, that password should not be recoverable (altough it might still reside in your swappartition...).
www.vanheusden.com - home of Multitail, HTTPing, CoffeeSaint, EntropyBroker, rsstail, bsod, listener, nagcon, nagi
....so no it doesn't use any swap
It does if you don't have the minimum memory requirements.
From the knoppix website
"20 MB of RAM for text mode, at least 96 MB for graphics mode with KDE (at least 128 MB of RAM is recommended to use the various office products),_"
Not to mention, you can still mount your local drive and store data on it.
hmm seems like a whole lot of touching going on....
Knoppix will use linux swap space if there is any on the hard drive. You'd use the noswap tag when booting for forensics or more paranoid computing.
Urgo: "I want to live. I want to experience the universe and I want to eat pie!"
Jack: "Who doesn't??"
For everything else, there is KWallet.
In Soviet Washington the swamp drains you.
IOW, tho the security issue exists, it's not exactly something to lose sleep over -- because if someone wants to compromise your security, why not get current data right from today's data input, instead of possibly-obsolete data of unknown relevance!
Because that Asian rape spam that popped up into your preview pane 2 years ago may not be a daily occurence. The FBI loves pulling up ancient JPG fragments from swap in their ongoing efforts to protect children.
Despite what you may have heard, the legality of pornography is of no relevance to prosecutors and judges; the first time the question of age comes up with regard to the subject of any particular photograph is when the jury is looking at poster size blowups of whatever they scraped off your hard drive.
To prevent fascism (or at least thwart it), do the following. Set the not-commonly-known "clear swapfile at shutdown" windows registry key:
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown to 1
Wipe your empty space and slack space regularly with something like eraser. (Interestingly, I don't know of a way to accomplish these things when using Linux as a desktop OS. If anyone knows of a way to clear the swap partition on shutdown or to clear not only free space on the hard drive, but also cluster tips (file slack), please let me know.) When finished using a hard drive, or any time you have cause to format it, boot up to rescue mode from any Linux distro's boot CD and dd if=/dev/zero of=/dev/hda (or whatever device your hard drive happens to be).
I have had access to the tools the bad guys (FBI, et. al.) use to extract evidence from your hard drive, and have seen that these procedures work brilliantly. Of course, I've also seen prosecutors derive character witness testimony from the very fact of using a program like eraser (only bad guys know this much about how to hide computer evidence!), so YMMV.
If you don't happen to live in the United States, treasure your freedom and fight to protect it.
who are those slashdot people? they swept over like Mongol-Tartars.