[Cryptography] [Crypto-practicum] Secure erasure in C.

Henry Baker hbaker1 at pipeline.com
Thu Sep 8 19:20:38 EDT 2016


At 03:45 PM 9/8/2016, Kent Borg wrote:
>On 09/08/2016 02:49 PM, Henry Baker wrote:
>>So you can assume that every flash memory is also compromised, and will look for (and squirrel away) interesting data for later exfiltration. 
>
>Along with the CPU and the network and ...
>
>>Include *Flint* (as in Derek Flint; Google it!) in your list of attackers, along with Eve, etc.
>
>Our Man Flint! I am so old I remember the movie. But I don't immediately spot the flash connection.
>
>I guess I still like the overwrite with random (-ish) data. If you had reason to trust that buffer in the first place, why not trust it to accept the overwritten data? Seems a way to get the compiler to do what it is told: tell it something complicated.

Writing a flash memory with the contents of a crypto-quality RNG can place a *lower bound* on how many bits it can store, but in these days of multi-GByte flash memories, it is difficult -- if not impossible -- to know if there are a few hundred MBytes of "squirrel cache" memory hiding in there, as well.

Also, the moment you start using the flash memory for real (and likely quite compressible) data, Mr. Flint starts compressing *your* data to make room for *his* snooping data.

One possible solution: a "one-time pad".  Utilize *two* *independent* flash memories, and store a crypto random stream R on one and the stream (R xor D) on the other, where D is the stream of *your* data.

Neither R nor (R xor D) is independently compressible, so our man Flint is permanently stuck with just his hidden memory, and no compression algorithm will enable him to free up any more memory.

(BTW, Derek Flint is a SPY!)
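
Added example, not part of Henry Baker's message: a sketch of the two-share idea above, with byte strings standing in for the two independent flash memories. The names split, combine and compressed_ratio, the sample data, and the use of zlib as a stand-in for whatever compressor a hostile controller might run are all assumptions made for illustration.

```python
import secrets
import zlib


def split(data: bytes) -> tuple[bytes, bytes]:
    """Return (R, R xor D): R goes to one device, R xor D to the other."""
    pad = secrets.token_bytes(len(data))          # crypto-quality random stream R
    masked = bytes(r ^ d for r, d in zip(pad, data))
    return pad, masked


def combine(pad: bytes, masked: bytes) -> bytes:
    """Recover D; this needs both shares, neither one is enough alone."""
    if len(pad) != len(masked):
        raise ValueError("shares must be the same length")
    return bytes(r ^ m for r, m in zip(pad, masked))


def compressed_ratio(blob: bytes) -> float:
    """Compressed size / original size; about 1.0 means no room was freed."""
    return len(zlib.compress(blob, 9)) / len(blob)


# Constructed sample: repetitive, highly compressible "real" data (80,000 bytes).
SAMPLE = b"ts=0000000000 sensor=42 status=OK level=7\n" * 2000


def demo() -> dict:
    pad, masked = split(SAMPLE)
    return {
        "plain": compressed_ratio(SAMPLE),    # what a single device would see
        "pad": compressed_ratio(pad),         # share on device 1
        "masked": compressed_ratio(masked),   # share on device 2
        "roundtrip": combine(pad, masked) == SAMPLE,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10} {value}")
```

The pad must be fresh for every write and exactly as long as the data; reusing R for two different D values would leak their XOR to whoever holds the masked shares.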


