tinyapps.org / blog

How safe are your secrets? #

Toma┼ż suggests a simple but possibly unsettling experiment:
# export HISTFILE=/dev/null
# grep secret_that_shouldn't_be_on_disk /dev/sda /dev/sdb
Binary file /dev/sda matches
Binary file /dev/sdb matches
"If grep returns no hits, great. Your secret is safe from this particular attack. In my case however the fun part was in finding out why exactly the password that supposedly never leaves volatile RAM appeared in clear on all of the computer's hard drives (and the machine in question doesn't even have swap enabled)."

/nix | Jul 17, 2011

Subscribe or visit the archives