From: Matthias Urlichs <matthias@urlichs.de>
To: wireguard@lists.zx2c4.com
Subject: Re: Support FIDO2/CTAP2 security tokens as keystore
Date: Sat, 24 Aug 2019 16:08:59 +0200 [thread overview]
Message-ID: <8cd089e7-0da9-b69a-2fbb-f961c4803936@urlichs.de> (raw)
In-Reply-To: <c8accebb-1a7f-7b3e-26b5-2d0b13347fb3@bartschnet.de>
On 22.08.19 10:54, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> Anyone with access to the running machine or malicious software can
> read the keys on hard-disk.
Anyone with *root* access to the running machine can do that. They also
can trivially read the kernel memory (if nothing else, by installing a
module) and walk the kernel data structures to find the private and/or
shared key.
IMHO: if your threat model includes randomly subverted systems in your
network, you have problems that wireguard cannot fix.
--
-- Matthias Urlichs
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next prev parent reply other threads:[~2019-08-24 14:09 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-18 14:22 Support FIDO2/CTAP2 security tokens as keystore Rene 'Renne' Bartsch, B.Sc. Informatics
2019-08-18 17:09 ` Reto
2019-08-22 8:54 ` Rene 'Renne' Bartsch, B.Sc. Informatics
2019-08-23 6:19 ` Reto
2019-08-24 14:08 ` Matthias Urlichs [this message]
2019-08-24 19:01 ` Andreas Karlsson
2019-08-25 19:30 ` Derrick Lyndon Pallas
2019-08-26 14:34 ` Andreas Karlsson
2019-08-30 11:42 Nicolas Stalder
2019-08-30 18:00 ` Phil Hofer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8cd089e7-0da9-b69a-2fbb-f961c4803936@urlichs.de \
--to=matthias@urlichs.de \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).