- From: Steve Parker <sparker@well.com>
- Date: Wed, 16 Jun 1999 07:04:15 -0700
- To: 'John Stracke' <francis@ecal.com>, http-wg@hplb.hpl.hp.com
> I take it this requires access to the process's memory space? Since this usually gets swapped out at some point, the swap file would seem a much easier point of attack. How easy this is depends on implementations. Windows would appear to be easy. Systems with protected memory space such as AS/400 or various specialized trusted systems would appear to be immune - but Shamir was exploring the possibility of "lunchtime attacks" on client systems, which is virtually synonymous with Windows. Steve > -----Original Message----- > From: francis@ariel.local.thibault.org > [mailto:francis@ariel.local.thibault.org]On Behalf Of John Stracke > Sent: Tuesday, June 15, 1999 8:35 AM > To: http-wg@hplb.hpl.hp.com > Subject: Re: Password change via HTTP > > > Steve Parker wrote: > > > Doesn't help (well, just a slight delay) - see Shamir and van > > Someren's paper "Playing hide and seek with stored keys", delivered > > to this year's Financial Cryptography conference: "We > describe efficient > > algebraic attacks which can locate secret RSA keys in long > bit strings, > > and more general statistical attacks which can find > arbitrary cryptographic > > keys embedded in large programs. > > I take it this requires access to the process's memory space? > > -- > /=============================================================\ > |John Stracke | My opinions are my own | S/MIME & HTML OK | > |francis@ecal.com|============================================| > |Chief Scientist | NT's lack of reliability is only surpassed | > |eCal Corp. | by its lack of scalability. -- John Kirch | > \=============================================================/ > > > >
Received on Wednesday, 16 June 1999 07:11:46 UTC