Infrastructure report, 2008-08-22 UTC 1200

Alexandre Dulaunoy adulau at foo.be
Fri Aug 22 15:10:44 UTC 2008


On Fri, Aug 22, 2008 at 4:54 PM, Michael J Gruber
<michaeljgruber+gmane at fastmail.fm> wrote:

>
> As Paul pointed out, the keys are different, and the Fedora key was not
> in use (no passphrase typed in) during the critical time frame.

Yep. Just wondering how the attacker retrieved the passphrase for Red Hat.

Looking at this paper[1], gpg is quite safe regarding its memory use
while processing the passphrase. Except if you use a terminal that will
intercept and store the passphrase somewhere in memory ;-)

Could be very interesting to know how the attacker was able to catch
the passphrase. (maybe via a bash_history containing the passphrase
typed in the shell prompt ;-)

[1] http://philosecurity.org/pubs/davidoff-clearmem-linux.pdf

> Funny thing is:
>
> - Fedora's key will be changed, not RHEL's, which has been compromised.
> - High security private keys are best kept in bare metal and used on
> boxes without incoming network. This doesn't seem to apply to the
> package signing keys.

This is a very good point. Signing key should be done on a dedicated
system where there is no permanent network connectivity. Maybe that
could be a good enhancement for the future ;-)

Thanks for the feedback,

adulau

-- 
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov



