List Info

Thread: Locating private keys in RAM?
Locating private keys in RAM?
user name
 2006-09-05 01:14:05 
Hello,
 I remember seeing a paper about identifying private keys in
RAM. I
thought it was by Rivest but I can not locate it for the
life of me.
Does anyone remember reading something like this? The basic
operation
was to identify areas in RAM that had certain
characteristics such as
random bits and identifiable key headers...
Any help would be greatly appreciated...


-- 
--dfc
douglasfcalvertgmail.com

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
Locating private keys in RAM?
user name
 2006-09-05 15:51:39 
On Mon, 4 Sep 2006 21:14:05 -0400, "Douglas F.
Calvert"
<douglasfcalvertgmail.com> wrote:

> Hello,
>  I remember seeing a paper about identifying private
keys in RAM. I
> thought it was by Rivest but I can not locate it for
the life of me.
> Does anyone remember reading something like this? The
basic operation
> was to identify areas in RAM that had certain
characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...
> 
It was by Shamir and van Someren.  See

http://citeseer.ist.psu.edu/vansomeren98playing.html

		--Steven M. Bellovin, http://www.cs.columbi
a.edu/~smb

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
Locating private keys in RAM?
user name
 2006-09-05 16:13:54 
Maybe you mean http://www.trapkit.de/research/sslkeyfind
er/keyfinder_v1.0_20060205.pdf

Regards,

Leandro

On 9/4/06, Douglas F. Calvert <douglasfcalvertgmail.com> wrote:
> Hello,
>  I remember seeing a paper about identifying private
keys in RAM. I
> thought it was by Rivest but I can not locate it for
the life of me.
> Does anyone remember reading something like this? The
basic operation
> was to identify areas in RAM that had certain
characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...
>
>
> --
> --dfc
> douglasfcalvertgmail.com
>
>
------------------------------------------------------------
---------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
>


-- 
Leandro Federico Meiners

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
Locating private keys in RAM?
user name
 2006-09-05 17:00:41 
* Douglas F. Calvert:

> I remember seeing a paper about identifying private
keys in RAM. I
> thought it was by Rivest but I can not locate it for
the life of me.
> Does anyone remember reading something like this? The
basic operation
> was to identify areas in RAM that had certain
characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...

>From findkey.c in The Coroner's Toolkit:

/*      A. Shamir and N. van Someren, Playing Hide and Seek
With Stored
/*      Keys, 1998.
/*      http://www.ncipher.com/products/files/papers/
anguilla/keyhide2.pdf.

(The web page no longer exists, though.)

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
Locating private keys in RAM?
user name
 2006-09-05 22:31:57 

  


  

    Douglas,

Many applications using RSA make use of a private key
in its ASN.1 BER form. In this format, the surrounding encoding of a
private key becomes very easily recognizable. 

The follow is an excerpt from RFC3447 (PKCS#1)



-- Representation of RSA private key with information for the CRT

-- algorithm.

--

RSAPrivateKey ::= SEQUENCE {

 &nbsp;  version &nbsp; &nbsp; &nbsp;   ;  Version,

  ; &nbsp;modulus&nbsp; &nbsp;   ; &nbsp; &nbsp; INTEGER,&nbsp; -- n

 &nbsp;  publicExponent&nbsp; &nbsp; INTEGER,&nbsp; -- e

 &nbsp;  privateExponent&nbsp;  INTEGER,&nbsp; -- d

 &nbsp;  prime1 &nbsp; &nbsp; &nbsp; &nbsp;   ; INTEGER, &nbsp;-- p

 &nbsp;  prime2 &nbsp; &nbsp; &nbsp; &nbsp;   ; INTEGER, &nbsp;-- q

 &nbsp;  exponent1 &nbsp;   ; &nbsp;  INTEGER,&nbsp; -- d mod (p-1)

&nbsp; &nbsp; exponent2&nbsp; &nbsp; &nbsp;   ; INTEGER,&nbsp; -- d mod (q-1)

&nbsp; &nbsp; coefficient&nbsp;   ; &nbsp; INTEGER,&nbsp; -- (inverse of q) mod p

 &nbsp;  otherPrimeInfos&nbsp;  OtherPrimeInfos OPTIONAL

}



Version ::= INTEGER { two-prime(0), multi(1) }

 &nbsp;  (CONSTRAINED BY {

 &nbsp;   ; &nbsp; -- version must be multi if otherPrimeInfos present --

   ; })



OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo



OtherPrimeInfo ::= SEQUENCE {

 &nbsp;  prime  ; &nbsp; &nbsp; &nbsp; &nbsp;   INTEGER,&nbsp; -- ri

   ; exponent &nbsp;   ; &nbsp; &nbsp; INTEGER, ; -- di

   ; coefficient&nbsp; &nbsp; &nbsp;  INTEGER&nbsp;  -- ti

}





In ASN.1 BER each integer, a sequence, a version, etc. all have well
defined form of octet (bytes) which represent both the type of object,
its size, as well as its value.

On 9/4/06, Douglas F. Calvert <gmail.com">douglasfcalvertgmail.com> wrote:
>; Hello,
>; &nbsp;I remember seeing a paper about identifying private keys in RAM. I

> thought it was by Rivest but I can not locate it for the life of me.
> Does anyone remember reading something like this? The basic operation
> was to identify areas in RAM that had certain characteristics such as

> random bits and identifiable key headers...
> Any help would be greatly appreciated...
> 
> 
> --
> --dfc
> gmail.com">douglasfcalvertgmail.com

> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to metzdowd.com">
majordomometzdowd.com
> 

Best regards,
-- 
Mike 

  

  
  
   
     
    

  

    Locating private keys in RAM?
  


  

     user name

     2006-09-07 18:29:05
  


  

    
Check
http://www.matasano.com/log/178/recove
r-a-private-key-from-process-memory/

or if you want to find the algorithms

http://
www.hexblog.com/2006/01/findcrypt.html

On Mon, 4 Sep 2006, Douglas F. Calvert wrote:

> Hello,
> I remember seeing a paper about identifying private
keys in RAM. I
> thought it was by Rivest but I can not locate it for
the life of me.
> Does anyone remember reading something like this? The
basic operation
> was to identify areas in RAM that had certain
characteristics such as
> random bits and identifiable key headers...
> Any help would be greatly appreciated...
>
>
> -- 
> --dfc
> douglasfcalvertgmail.com
>
>
------------------------------------------------------------
---------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com
>

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com


  


  

    
  

  
  
   
     
    






 [1-6]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )