Passwords Can Sit on Hard Disks for Years 449
CygnusXII writes ""As people spend more time on the web and hackers become more sophisticated, the dangers of storing personal information on computers are growing by the day, security experts say. There are some obvious safeguards, such as never allowing your computer to store your passwords. But even that is no guarantee of security." "
Zero the data (Score:5, Informative)
The project was written in C++. We started out using a custom string class that performed its own memory management (with zeroing the buffer on deallocation), but then promptly ran into problems with the STL. We wound up writing a memory allocator that also cleans up after itself. Those two solutions took care of the vast majority of the data leakage "problem" -- the only thing left was reinitializing stack variables within functions.
The same customer actually requested this first. The problems associated with it were were terrible, especially in a multithreaded application. Plus, performance basically sucked. Wiping the data afterwards seemed to have the same end result, the performance was still good, and the customer was happy.BTW, the memory allocator and string class both made their way into the company's downloadable core library [bti.net] (MIT license).
Mac OS X and Pastor (Score:5, Informative)
Mac OS X's built-in "Keychain" services/util isn't streamlined for repeated user use, not to mention it doesn't have several auxiliary/free-form fields (that are also fully encrypted with the password field). After some research and trying a few of the freeware and shareware apps out there, I came across Pastor [versiontracker.com], a freeware, super-lightweight and user-friendly app that basically lets you maintain a catalog of username, pass, and about 6 auxiliary fields, stored in an encrypted file (when you go to open a file, it prompts you for the password and decodes it on the fly). If for some reason you don't dig this particular app, there's a couple others like it as well with increasingly levels of features (I happen to prefer lightweight).
So I went w/ this model and it's had great payoffs--when I need a particular login, I click on an alias to my main password (Pastor) file, enter the file's password to decrypt it, look for what I need (it alphabetizes), and I'm all set--meanwhile, there's absolutely no risk of security--I love it.
Repairs (Score:5, Informative)
One thing that worries me is sending machines away to get repaired.
I have a Sony Vaio laptop which I had to send to be repaired. I phoned the support number to tell them I was going to take the hard disc out before sending it. They said that if I did I would be charged for a new hard disc (at a hugely inflated price) and they wouldn't repair it without one.
I once sent a PC for repair and the teenage dork who repaired it actually said I had some great games on my machine and that he had played them. In another case in the UK, some padeophile was caught (was it Garry Glitter?) when he sent his PC in for repair. Now, I'm all for catching kiddie fiddlers, but that is not the way to do it.
I don't want the repair staff looking through the stuff on my hard disc. There should be a standard industry guarantee that this won't happen, or a privacy law about it or something.
Encrypt your disk (Score:5, Informative)
then I read the article, and all my worries went away.
I encrypt my swap partition, and that fixes the problem.
It's not hard, and since it's swap (i.e., data
you don't need for very long), you don't even need
to remember a password (your computer uses a random
one every time is sets up the swap). Really, it's
pretty easy -- see the HOWTO at http://www.tldp.org/HOWTO/Disk-Encryption-HOWTO/
Re:Zero the data (Score:5, Informative)
You can either lock the RAM page so it doesn't swap, or force the page to write back out to swap after zeroing. The former is far easier (unless you want to do a lot of painful coding) and, if I remember correctly, was what was done with the project I talked about. I don't think the page locking/unlocking made it into the downloadable library, though.
Re:Just plain wrong (Score:2, Informative)
Cleaning hard disks of passwords etc (Score:3, Informative)
2) To delete things properly, turn off paging and disk caching, reboot, then run something like Mutilate to fill all the unused disk space with rubbish. Remember to turn paging and caching back on afterwards or performance will be slooooow.
3) If you're disposing of a PC and you want to sell it with the HDD, it's usually easiest to reformat the HDD in another PC (as a slave) then run a file wiper as above.
4) Running a good file wiper once is perfectly adequate. Physical data recovery techniques using misaligned drive heads to pick up "ghost" images may or may not exist (hence the occasional recommendation to wipe 9 times) but the cost of doing so is so high that it would have to be a matter of national security. Commercial data recovery/forensic services do NOT use physical recovery techniques, they just go for deleted files and slack space.
Re:Hehe (Score:5, Informative)
Rubbish! (Score:5, Informative)
Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive.
That's a flat out lie.
$ man mlock
MLOCK(2) Linux Programmer's Manual MLOCK(2)
NAME
mlock - disable paging for some parts of memory
SYNOPSIS
#include
int mlock(const void *addr, size_t len);
DESCRIPTION
mlock disables paging for the memory in the range starting at addr with length len bytes.
OpenSSH uses paging protection. It also zeroes out the password in memory. Immediately upon hashing it. I've seen the code.
Authors are at Stanford? Paper at USENIX? Can't believe this shit.
OpenBSD encrypted swap (Score:3, Informative)
Too bad more systems don't embrace the idea.
Re:OpenBSD (Score:3, Informative)
vm.swapencrypt.enable is set to 0 (zero) by default, take a look at your
Re:Cleaning hard disks of passwords etc (Score:3, Informative)
Autoclave [washington.edu] is the one I used. It is quite nice, fits on a bootable floppy. I felt better sending my drive in for warranty replacement after using this program.
Also see:
UBCSwipe [bris.ac.uk]
Darik's Boot and Nuke [sourceforge.net]
Jim
Re:KeePass for Windows (Score:2, Informative)
Here's another excellent password utility, from Bruce Schneier [schneier.com] called Password Safe [sourceforge.net], which stores the passwords in a file and uses Blowfish to encrypt it. Very lightweight (requires only the executable -- no installation) but has the features everybody needs.
Re:Hehe (Score:5, Informative)
Even if you aren't running Windows, other OSes like OS/2 will recreate a fresh pagefile on every boot.
Encrypted Swap (Score:1, Informative)
I might add a few more (Score:1, Informative)
1) Install Mozilla and use that as your default browser. IE is a huge security hole, and should only be used for windows update.
2) Don't download those free screensavers, or other neat little toys, that you find all over the web. You really don't need them, and most of them come with adware, spyware, or worse. If you must download free stuff, take extra steps to learn what they come with, such as reading the EULA and user feedback. If you have no means of finding this out, then just say "no."
3) Don't install browser toolbars. Install as few browser plugins as possible, and try to keep them to the list of generally trusted plugins (shock, flash, quicktime, java).
4) Don't click on banner ads, pop up ads, or anything that says you have won something or can get something for free.
5) Delete spam and do not respond to it (don't bother to unsubscribe).
mlock (Score:3, Informative)
Re:No Guarantee of Security?!?! (Score:5, Informative)
Re:No Guarantee of Security?!?! (Score:5, Informative)
There ARE methods to get data off of a hard drive platter that has been overwritten only once, but this requires the hard drive to be removed from the computer and physicly disassembled, and is quite expensive.
you want somebodies password? (Score:1, Informative)
Seriously. Have you ever accidentally typed your password instead of your username? Grep your history for your password and see what you find.
Microsoft Engineer? RTFM (Score:2, Informative)
"Operating systems such as Windows and Linux have no facility for stopping data being written to the hard drive."
Incorrect. Set the page file to 0 and watch Win2000/03 run dog slow. Or, configure Win2000/03 to erase its page file when the computer shuts down.
http://msdn.microsoft.com/library/default.asp?url= /library/en-us/gp/567.asp [microsoft.com]
Is this new news? Maybe to some. However, the problem with many of these new Microsoft engineers is that they do not read the manual or pay attention during the MCSE courses.
My two cents (and yes, I am an MCSE).
Secure Programming (Score:2, Informative)
Re:Rubbish! (Score:5, Informative)
And if I remember correctly, you need root access to use mlock(). Now then, how do you feel about running Mozilla/Firefox as root? Mozilla and any other applications you might possibly type a password into... GPG has the same issue: http://www.gnupg.org/documentation/faqs.html#q6.1 [gnupg.org]
Meanwhile, for quite some time, OpenBSD has had the "swapencrypt" sysctl option, which causes everything swapped to disk to be encrypted with a random key that is stored only temporarily in RAM, never on disk... thereby taking away any possibility of getting usable data out of the swap partition.
For more info: click here. [216.239.53.104]
Re:Protective measures (Score:5, Informative)
Despite the FUD TV ads the credit-card companies want you to believe, THERE ARE NO OTHER KINDS OF CREDIT CARDS IN THE USA. It is federal law that you cannot be held liable for unauthorized charges on your credit card. Actually, I believe you may be required to pay up to $50, but that is really a trivial ammount.
So, don't believe the hype.
Re:Cleaning hard disks of passwords etc (Score:4, Informative)
And unless you have massive ammounts of RAM, your system will refuse to do anything...
I turned off the swaping on a Windows 2000 system that had 256MB of RAM, and rebooted, only to find that I couldn't do anything at all. The system started-up, but no programs could be opened. I could even get to the command-prompt, or the control panel to turn the page-file back on. Result, one completely destroyed and unsavable Windows system.
Don't recomend doing things that you've never done yourself and/or don't know enough of the details about how it works...
Comment removed (Score:2, Informative)
Re:Mac OS X and Pastor (Score:3, Informative)
i have a mail certificate (free from thawte - neat) and have installed gpg so have a number of high grade gpg keys which i use to correspond with my ol' dad back home about bank statements etc.
you say that the keychain gets in the way, but the fact that is is fully integrated into so many handy apps like sshAgent or MacSFTP or BBEdit, as well as the obvious ones like safari for web passwords etc. if you look in the keychain access program you'll see you can add secure notes, secure comments to passwords and all manner of options. you can open up the system keychains too and see the x509 certs you have collected.
you could also create an encrypted user whose user space is fully encrypted.
i have never seen the need for much more
Re:Repairs (Score:1, Informative)
Re:No Guarantee of Security?!?! (Score:3, Informative)
It does if you don't have the minimum memory requirements.
From the knoppix [knoppix.org] website
"20 MB of RAM for text mode, at least 96 MB for graphics mode with KDE (at least 128 MB of RAM is recommended to use the various office products),_"
Not to mention, you can still mount your local drive and store data on it.
hmm seems like a whole lot of touching going on....
Re:No Guarantee of Security?!?! (Score:2, Informative)
Encrypt the swap (Score:3, Informative)
For everything else, there is KWallet.
Re:Hehe (Score:4, Informative)
Because that Asian rape spam that popped up into your preview pane 2 years ago may not be a daily occurence. The FBI loves pulling up ancient JPG fragments from swap in their ongoing efforts to protect children.
Despite what you may have heard, the legality of pornography is of no relevance to prosecutors and judges; the first time the question of age comes up with regard to the subject of any particular photograph is when the jury is looking at poster size blowups of whatever they scraped off your hard drive.
To prevent fascism (or at least thwart it), do the following. Set the not-commonly-known "clear swapfile at shutdown" windows registry key:
HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown to 1
Wipe your empty space and slack space regularly with something like eraser [tolvanen.com]. (Interestingly, I don't know of a way to accomplish these things when using Linux as a desktop OS. If anyone knows of a way to clear the swap partition on shutdown or to clear not only free space on the hard drive, but also cluster tips (file slack), please let me know.) When finished using a hard drive, or any time you have cause to format it, boot up to rescue mode from any Linux distro's boot CD and dd if=/dev/zero of=/dev/hda (or whatever device your hard drive happens to be).
I have had access to the tools the bad guys (FBI, et. al.) use to extract evidence from your hard drive, and have seen that these procedures work brilliantly. Of course, I've also seen prosecutors derive character witness testimony from the very fact of using a program like eraser (only bad guys know this much about how to hide computer evidence!), so YMMV.
If you don't happen to live in the United States, treasure your freedom and fight to protect it.