[Cryptography] Secure erasure

Ray Dillinger bear at sonic.net
Sun Sep 11 13:28:08 EDT 2016



On 09/11/2016 03:00 AM, Ralf Senderek wrote:
> 
> 
> On Sat, 10 Sep 2016, Jerry Leichter wrote:
> 
>>  The sophisticated attacks we talk about here are *not* how hacking is
>> done today.
>>  We haven't even seen evidence of the government actors going that far.
>>  There are way too many easier attacks.
> 
> Agreed.
> 

Agreed?!  What the hell was Heartbleed, if not an attack
on memory that ought to've been secure-erased?  No.  NOT
agreed!  These are attacks we're dealing with in the field
right now, and we need ways to defend against them!

Sure, it got accessed through a buffer hack that invoked
undefined behavior and ought to've also been defended against.

But defense in depth means that not only should the buffer
hack not work, but also that even if the buffer hack does
work there should be nothing for it to take.

			Bear


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160911/3bc8d056/attachment.sig>


More information about the cryptography mailing list