[Cryptography] Secure erasure in C.

Thu Sep 8 12:25:40 EDT 2016

On 09/07/2016 04:04 PM, Ray Dillinger wrote:
> For years I'd been defining 'erase' using
>
> //////
> static void *(*const volatile deleter)(void*,int,size_t)=memset;
> static void erase(void *buf,size_t len){deleter(buf, 0, len);}
> //////

How about something like this?

   unsigned long secure_erase(void *buf, size_t len)
   {
     size_t index;
     unsigned long total = 0;

     srandom(time());

     for (index=0; index<len; index++) {
       ((char*)buf)[index] = (char)random();
     }
     for (index=0; index<len; index++) {
       total += ((char*)buf)[random() % len];
     }
     return total;
   }

Convince the compiler that you are interested in the return value, and 
doesn't it have to do the work? Maybe the second loop could be shortened 
to a single random array access. Faster would be to do wide accesses, 
maybe some unwinding, but that's more work to write. And too much such 
work might give too many clues to the compiler.

The optimizer isn't so perverse as to reverse engineer random(), is it?

I like using random (-ish) data for things like testing disk speed or 
network speed or RAM bandwidth, because zero is a common thing to cheat 
about, some subsystem recognizes what you are doing and agrees to 
pretend the data is now zero, effectively doing some really efficient 
compression. As memory subsytems get more and more like disks, they 
might start doing these tricks, too. And as has been mentioned, with 
virtualization sneaking in without always telling you, you aren't just 
doing battle with the optimizer; your zeros might get deduplicated with 
other's while your real data lives on, sitting there, itself trying to 
be deduplicated with completely unrelated data belonging to completely 
unrelated customers.

I want to avoid what I like to call The Mikado Rule.

As Koko said in Gilbert and Sullivan's The Mikado:

    It's like this: When your Majesty says, "Let a thing be done," it's
    as good as done — practically, it is done — because your Majesty's
    will is law. Your Majesty says, "Kill a gentleman," and a gentleman
    is to be killed. Consequently, that gentleman is as good as dead —
    practically, he is dead — and if he is dead, why not say so?

The argument was good enough in the very silly world of The Mikado, and 
it is also the general approach to efficient modern computing.

Using random (-ish) data is a way to force the work.

-kb, the Kent who won't make a gruesome and current Syria analogy to 
photographic evidence and Bashar al-Assad.