Clearing sensitive in-memory data in perl
Jerrold Leichter
leichter at smarts.com
Sat Sep 17 14:14:05 EDT 2005
[Moderator's note: forwarded on Jerry's behalf -- he's having mail problems.]
| >>So wouldn't the world be a better place if we could all agree on a
| >>single such library? Or at least, a single API. Like the STL is for C++.
| >>
| >
| >
| > Yes, absolutely, but who is going to do it?
|
| One could argue it has already been done.
|
| There exists a widely available, freely available, well-implemented
| example of something just like the STL for C++. It is called
| "the STL for C++".
|
| a) Writing in C++ is easier than writing in C.
|
| b) Porting legacy C to C++ isn't rocket surgery. It can be done
| incrementally.
And the STL is safer than C ... in what sense? STL iterators are modeled on C
pointers - warts and all. An STL iterator can point to random memory just as
easily as a C pointer. An indexing operation into an STL vector or similar
data structure is subject to exactly as much range checking as a C indexing
operation.
Yes, there exist implementations of the STL that check such things - just as
there exist implementations of C that check such things. None appear to be
widely used. And, of course, while no standard *forbids* such checks, none
*require* them, so (a) availability is spotty; (b) compilers typically contain
no optimizations aimed at making such things efficient.
RISKS had a large number of messages on this topic back in 2002. I wrote one
long commentary (in RISKS 21.85 - see http://catless.ncl.ac.uk/Risks/21.85 for
one on-line source) that I stand by to this day. Very little has changed.
(Actually, there has been a *bit* of improvement: Microsoft submitted a
proposal for a set of new string - and related - functions for standardization
in the C library. They differ from the classic functions in always having an
explicit output buffer length. Personally, I find the particular API typical
of Microsoft - butt-ugly and a pain to use - and I *think* that the standards
groups may be re-working them. But one way or another, after all these years,
we may eventually have safe alternatives - once we work throught the
standardization process and get the stuff out there (I'd guess another 2 years
at least before you can safely assume that it'll be available).
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list