[Cryptography] Heartbleed and fundamental crypto programming practices
lists at notatla.org.uk
lists at notatla.org.uk
Fri Apr 11 06:17:22 EDT 2014
Chris Tonkinson <chris masterbran.ch> writes:
> While I don't disagree with the spirit of your warning, it's probably
> worth clarifying that the most noteworthy data at risk of exposure in
> the case of Heartbleed is the cert private key. That is, the private key
> which, by definition, must remain in memory to en/decrypt traffic.
> ...
> While observing secure coding practices would certainly reduce the risk
> of exploit, increase probability of successful mitigation, and decrease
> data exposure following an exploit - again, in this case, that key must
> remain in memory for the system to operate.
The private key could be in a separate process (connected to the main httpd
process by pipes). A takeover of an httpd process (after startup) would not
retrieve the key; only the ability to do operations with it. Make it run
under a different UID to prevent interference by ptrace.
More information about the cryptography
mailing list