On 5/6/2014 11:56 PM, Tony Arcieri wrote:
Can anyone point me at some best practices for implementing buffer
types for storing secrets?
There are the general coding rules at cryptocoding.net
<http://cryptocoding.net> for example, that say you should use
unsigned bytes and zero memory when you're done, but I'm more curious
about specific strategies, like:
- malloc/free + separate process for crypto
- malloc/free + mlock/munlock + "secure zeroing"
- mmap/munmap (+ mlock/munlock)
Should finalizers be explicit or implicit? (or should an implicit
finalizer try to make sure buffers are finalized if you don't do it
yourself?)
Are paranoid buffers worth the effort? Are the threats they'd
potentially mitigate realistic? Are there too many other things that
can go wrong (e.g. rewindable VMs) for this to matter?
--
Tony Arcieri
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
I do think it is worth the effort. Yes, what you are talking about
takes extra work but it is better to be safe than sorry. I will say,
however, that you should understand the read/write process is taxed.
This is what I mean:
Let's assume you set aside a chunk of memory. At some point it needs to
be freed. How often do you wish the algorithm to do this? It is
important to figure this out because your ram will be used and flushed
(in part) over and over.
--
Kevin
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
