[Cryptography] Secure erasure in C.
Kent Borg
kentborg at borg.org
Thu Sep 8 12:25:40 EDT 2016
On 09/07/2016 04:04 PM, Ray Dillinger wrote:
> For years I'd been defining 'erase' using
>
> //////
> static void *(*const volatile deleter)(void*,int,size_t)=memset;
> static void erase(void *buf,size_t len){deleter(buf, 0, len);}
> //////
How about something like this?
unsigned long secure_erase(void *buf, size_t len)
{
size_t index;
unsigned long total = 0;
srandom(time());
for (index=0; index<len; index++) {
((char*)buf)[index] = (char)random();
}
for (index=0; index<len; index++) {
total += ((char*)buf)[random() % len];
}
return total;
}
Convince the compiler that you are interested in the return value, and
doesn't it have to do the work? Maybe the second loop could be shortened
to a single random array access. Faster would be to do wide accesses,
maybe some unwinding, but that's more work to write. And too much such
work might give too many clues to the compiler.
The optimizer isn't so perverse as to reverse engineer random(), is it?
I like using random (-ish) data for things like testing disk speed or
network speed or RAM bandwidth, because zero is a common thing to cheat
about, some subsystem recognizes what you are doing and agrees to
pretend the data is now zero, effectively doing some really efficient
compression. As memory subsytems get more and more like disks, they
might start doing these tricks, too. And as has been mentioned, with
virtualization sneaking in without always telling you, you aren't just
doing battle with the optimizer; your zeros might get deduplicated with
other's while your real data lives on, sitting there, itself trying to
be deduplicated with completely unrelated data belonging to completely
unrelated customers.
I want to avoid what I like to call The Mikado Rule.
As Koko said in Gilbert and Sullivan's The Mikado:
It's like this: When your Majesty says, "Let a thing be done," it's
as good as done — practically, it is done — because your Majesty's
will is law. Your Majesty says, "Kill a gentleman," and a gentleman
is to be killed. Consequently, that gentleman is as good as dead —
practically, he is dead — and if he is dead, why not say so?
The argument was good enough in the very silly world of The Mikado, and
it is also the general approach to efficient modern computing.
Using random (-ish) data is a way to force the work.
-kb, the Kent who won't make a gruesome and current Syria analogy to
photographic evidence and Bashar al-Assad.
More information about the cryptography
mailing list