Cleaning Up After Mass Password Changes - 14 Dec 2005

Last week, I mentioned ways to change passwords en masse. Hobbit (creator of the hugely popular netcat tool) wrote to remind me that I didn't mention the fact that storing plaintext passwords in scripts carries considerable risk. Obviously, the passwords might be recoverable by an intruder.

After you've performed mass password changes, don't leave password strings lying around in plaintext. You might use strong encryption to encrypt the data, or better yet, you might remove the passwords from your system completely. To do that, delete any password strings in your scripts or delete the scripts completely. Then securely erase your disk space to ensure that the passwords can't be recovered by intruders.

To wipe a disk clean, you need to overwrite all sectors on a drive in some fashion. Some disk-wiping tools can overwrite sectors numerous times to better ensure that the magnetic flux (which is the means by which data is recorded) is dramatically changed so that little if any flux remains to be used toward data recovery. You can use Stellar Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers' Eraser, or any number of other tools designed to destroy disk-based data. If you use Sunbelt Software's CounterSpy antispyware tool, you might know that it has a built-in file eraser utility that you could use.

http://www.stellarinfo.com/file-eraser.htm

http://www.heidi.ie/eraser

http://www.sunbeltsoftware.com/CounterSpy.cfm

If you're interested in some facts and theory about how someone might recover data from your disks and how disk-erasing technology can help prevent that from happening, read "Secure Deletion of Data from Magnetic and Solid-State Memory" by Peter Gutmann at

http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

Instead of creating and running your scripts from a hard disk, you could run your script from a floppy disk drive and then burn the floppy disk when you're done. I can't think of a more secure method than this. But many systems these days don't even have floppy disk drives.

A long time ago, I used RAM disks to help some programs run much faster. A RAM disk would be great for helping to secure your passwords in scripts that are used to perform mass password changes. You can create a RAM disk, use it to develop and run your scripts, and when you're finished, repeatedly erase the RAM disk. Then uninstall the RAM disk drivers, shut down the system, power it off (which destroys anything in RAM), and reboot the computer. There's still a slim chance that someone might be able to recover passwords written to RAM, but it would be incredibly difficult, because the RAM space used by the RAM disk will be overwritten repeatedly by the OS and your applications. Using a RAM disk is probably much safer than relying on a tool to erase hard disk space.

When establishing a RAM disk, be sure that you immediately set permissions on the new disk drive to prevent unwanted access. You can find numerous RAM disk drivers for Windows 2000 and Windows XP (some of which are free) by using your favorite search engine. Use a search string similar to

RAMdisk +"Windows XP" +"Windows 2000"

If you don't want to trust somebody else's RAM disk code, download Microsoft's RAM disk source code, review it carefully to make sure you trust it, then compile it yourself. Keep in mind that Microsoft's sample RAM disk code works only on Windows 2000. The Microsoft article "FILE: Ramdisk.sys sample driver for Windows 2000" cautions that if you use the code on Windows XP, it could render the System Restore features useless.

http://support.microsoft.com/?kbid=257405

Finally, you might use a thumb drive, which can essentially act like a RAM disk. Or you could use an MP3 player or digital camera as an additional disk drive on your system, then detach it when you're finished using it. As with hard disks and RAM disks, be absolutely certain that you delete any sensitive information the drive contains, then erase the unused space repeatedly.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish