Clearing sensitive in-memory data in perl
Sidney Markowitz
sidney at sidney.com
Sun Sep 11 18:33:59 EDT 2005
Does anyone know of an open source crypto package written in perl that
is careful to try to clear sensitive data structures before they are
released to the garbage collector?
Failing that, does anyone know of an example that tries to deal with the
particularly bad effect that at least on some perl platforms writing to
a tied DB_File results in data from garbage collected strings appearing
in the unused space between the logical end of file and the end of the
allocated disk block?
And failing that, how about a reference to how one would go about
preventing leaking sensitive information in garbage collected strings
when writing in perl. Google and reading perl documentation hasn't
helped me so far, but I find it hard to believe that this has not been
considered when writing crypto software in perl.
Thanks,
Sidney Markowitz
http://www.sidney.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list