zentara has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I was thinking the other day, about things like what happens when you use Perl to do things like GPG encryptions? Can I be sure that Perl will not leave traces of password keys in memory? Then this security focus article appeared today, and sort of got me to post this.

My immediate first idea was this: can I force a Perl script to run in a ramdisk (on linux), which can then be wiped with zeros(or 1's) after execution? This just brings up a bigger question.... can you somehow control where in ram a program is executed, or at least track all of the memory segments, and wipe them when the program is done running?

If a program is stored in a ramdisk, will it execute in that ramdisk, or may it be moved to some other ram area for execution?

Anyways, what other ideas are there to address this problem? Execute on removable usb keys, etc?

I'm not really a human, but I play one on earth. Cogito ergo sum a bum
  • Comment on Can Perl encryption scripts be run with ram wipe

Replies are listed 'Best First'.
Re: Can Perl encryption scripts be run with ram wipe
by shmem (Chancellor) on Feb 25, 2008 at 15:19 UTC
    Well, I'd just wait a couple of minutes before throwing my laptop into liquid nitrogen... there was a thread on that subject some time ago, so I just point to my answer instead of re-posting.

    The "most secure" thing would be a crypto device which holds the private key and never ever gives it away, and which key has to be unlocked entering a passphrase (through some keying device attached to that crypto thingy). Still, you will have to be extremely careful not to be shock-frozen together with this device by some agency right after having entered your pin...

    --shmem 

    _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
[reply]
      Thanks for the link to that node, of course it was exactly what I was thinking about doing.... a Tk or Gtk2 front-end to GnuPG. The idea I had, stealing from some javascript keyboard security code, was to make a mouse-driven virtual keyboard for entering the password, to avoid keystroke loggers.

      I did do some digging on ramdisks and tmpfs, and disposible swap.... and it seems that if a program is on a ramdisk, it will execute there, and can then be wiped. But many gotcha's start to creep in, like does the entire Perl executable, and it's modules, and finally the script itself, need to be on the ramdisk.

      Thanks to all who answered. By the way, I agree the idea of freezing a laptop to slow it's memory drainage is a bit James Bond-ish, but the idea of root, routinely dd'ing off /dev/mem and /dev/swap to search for password strings seems a pretty plausible form of insecurity.

      I'm not really a human, but I play one on earth. Cogito ergo sum a bum
[reply]
Re: Can Perl encryption scripts be run with ram wipe
by stiller (Friar) on Feb 25, 2008 at 14:14 UTC
    I read the artitcle, and it is a bit far fetched for the time beeing. But, with perl it's not too difficult to swamp memory, which would overwrite the keys left there. You might want to disable swap disk, if you use that.
[reply]
Re: Can Perl encryption scripts be run with ram wipe
by jrtayloriv (Pilgrim) on Feb 25, 2008 at 15:52 UTC
    This has been discussed at length recently on the linux-crypto mailing list. Check out their archives if you want to see a detailed discussion about it.
[reply]
      Yeah, a pretty good discussion of the coldboot attack. The hotplug technique is pretty sneaky too.

      I'll tell ya, they need some spam filtering on that maillist...... there are loads of government bait like "preteen lolitas links", its all they need nowadays to confiscate your computer.

      I'm not really a human, but I play one on earth. Cogito ergo sum a bum
[reply]

        Those aren't spam but cleverly concealed secret plans of world domination! Acme::Steganography::Text::Spam anyone? With the spam/ham ratio continuing to soar, one could hide any amount of text, and disseminate with total deniability for the recipient. Hmm...;-)


        All dogma is stupid.
[reply]
[d/l]

Back to Seekers of Perl Wisdom