mercredi 20 mars 2019

How to get many static random on a system? (generate a key lost after reboot)

I created my own password manager.

The master password must kept in the RAM.

To protect it against attackers I like to generate a key that is device depending, lost after reboot and not completely stored at the RAM nor the HDD or a combination.

Multiple parts:

  • Stored on HDD like Registry-Entry
  • Stored in RAM like a variable
  • Generated on runtime like initalized random seed or ASLR (no rebuild if not saved during runtime)

That protects against RAM-Dump und HDD-Clone.

Do you have any idea what to use for the last point (runtime)?

Need it for Linux (Debian-based) and Windows.

Something that is static at runtime (not changing with time) but lost after reboot.

My ideas (on linux):

  • ip addr (does not change)
  • lspci (does not change)
  • echo "$PATH" (does not change)
  • hostname (on HDD)
  • echo "$USER" (on HDD + BruteForce)
  • who -b
  • last (may be contained or extracted out of logs)
  • who

All not realy random nor secure.

At Windows:

  • Using the sid of the user (too less bits random?)



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)