[Cryptography] [Crypto-practicum] Secure erasure in C.

Ron Garret ron at flownet.com
Fri Sep 9 19:00:12 EDT 2016


On Sep 9, 2016, at 3:22 PM, Ray Dillinger <bear at sonic.net> wrote:

> On 09/08/2016 07:10 PM, Salz, Rich wrote:
> 
>> (Side note:  haven't we had enough of C and language discussions here?)
> 
> I really, really wish operating systems were implemented in something
> else.  If we had Pascal discussions instead of C discussions at least
> we'd be talking about something with array bounds checking.

How would that help?  (BTW, if you want array bounds checking you can have it in C, you just can’t use C’s [] operator to access arrays.)

> But operating systems are written in C, so you can't get secure erasure
> in anything else unless you can get it in C.

This has nothing to do with the language the OS is written in, this has to do with whether or not the OS provides a secure memory model.  Any OS written in any language can copy anything anywhere any time.  Or not — it’s (obviously!) a design decision.  But if you really want to be secure you do need a secure OS.  (Of course, the most secure OS is no OS.)

> And it looks like you can't get it in C unless you can get it in assembly language,

Again, this has nothing to do with C.  Ultimately assembly language is all there is on a computer, everything else is an abstraction.  So if you can’t do it in assembly, you can’t do it in any language.

> and you can't get it in assembly language unless you can get it in silicon.

Of course.  If the hardware can't do X then your assembly language will likewise be unable to do X for any X.

> Where's the bottom turtle?

What’s your threat model?

rg
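Two of the points above are easier to see in code than in prose: that stores meant to wipe a key can be lost if nothing forces the compiler to emit them, and that bounds checking in C is available as soon as accesses go through a checked accessor rather than the `[]` operator. The following is an added example written for this page, not code from the thread or from any of its participants; the names `secure_erase`, `checked_buf`, `checked_get`, `checked_set`, `erase_demo` and `bounds_demo` are invented here, and the 0xAB "key" is constructed sample data. It covers only the in-process part of the problem; copies the OS makes (swap, core dumps, hibernation images) are exactly the memory-model question the message raises and are out of reach of C code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Secure erase: the stores go through a volatile pointer, so the compiler
 * must emit them even though the buffer is dead afterwards. A plain
 * memset() right before a function returns is routinely removed by
 * dead-store elimination, leaving the key bytes on the stack. Where the
 * platform offers memset_s() or explicit_bzero(), prefer those. */
void secure_erase(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Bounds-checked buffer (hypothetical type): every access goes through
 * checked_get/checked_set instead of [], so an out-of-range index is
 * rejected rather than read or written past the allocation. */
typedef struct {
    unsigned char *data;
    size_t len;
} checked_buf;

int checked_get(const checked_buf *b, size_t i, unsigned char *out)
{
    if (i >= b->len)
        return -1;  /* index out of range: refuse, touch no memory */
    *out = b->data[i];
    return 0;
}

int checked_set(checked_buf *b, size_t i, unsigned char v)
{
    if (i >= b->len)
        return -1;
    b->data[i] = v;
    return 0;
}

/* Number of nonzero bytes in a region; used to verify an erase. */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            c++;
    return c;
}

/* Fill a constructed 32-byte "key" with 0xAB, stand in for using it, then
 * erase it. Returns how many bytes are still nonzero afterwards (0 means
 * the wipe took effect). */
size_t erase_demo(void)
{
    unsigned char key[32];
    memset(key, 0xAB, sizeof key);      /* constructed sample key material */
    /* ... the key would be used here ... */
    secure_erase(key, sizeof key);
    return count_nonzero(key, sizeof key);
}

/* Exercise the checked accessors. Returns 1 if the in-range write and read
 * succeed and both out-of-range accesses are rejected, otherwise 0. */
int bounds_demo(void)
{
    unsigned char storage[8] = {0};
    checked_buf buf = { storage, sizeof storage };
    unsigned char v = 0;

    if (checked_set(&buf, 3, 0x42) != 0) return 0;
    if (checked_get(&buf, 3, &v) != 0 || v != 0x42) return 0;
    if (checked_get(&buf, sizeof storage, &v) != -1) return 0;  /* one past the end */
    if (checked_set(&buf, 1000, 0) != -1) return 0;
    return 1;
}

int main(void)
{
    printf("bytes still nonzero after erase: %zu\n", erase_demo());
    printf("bounds checks behaved: %s\n", bounds_demo() ? "yes" : "no");
    return 0;
}
```

Compile with optimization on (`-O2`) to make the point: replace the volatile loop in `secure_erase` with a bare `memset` and inspect the generated code, and the wipe before return will often be gone. The checked accessors cost a comparison per access, which is the same trade Pascal-style bounds checking makes; what neither gives you is control over where the OS has already copied the bytes.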
