[Cryptography] Secure erasure in C.
hbaker1 at pipeline.com
Sun Sep 11 09:54:01 EDT 2016
At 03:08 PM 9/10/2016, Christian Huitema wrote:
>The good news is that mainstream compilers support something like "#pragma optimize(off)", allowing to turn off optimization for a specific code segment.
>Bracketing the erasure routine with such pragmas should ensure that it erases as intended, at least as far as C is concerned.
I know of no "#pragma optimize(off)" for the operating system, the disk drive caches, or the CPU caches.
The "split I and D cache" hack allows the CPU to execute one stream of instructions, while displaying (via the D cache) a completely different stream of instructions to anyone who is trying to understand what instructions are being executed.
Using Jacob Torrey's TLB-splitting technique, one can arbitrarily change what is being executed, *no matter what the programmer wrote*.
See Jacob Torrey "MoRE Shadow Walker: TLB-splitting on the Modern x86"
More information about the cryptography