[Cryptography] Heartbleed and fundamental crypto programming practices
Kevin W. Wall
kevin.w.wall at gmail.com
Fri Apr 11 01:55:02 EDT 2014
On Thu, Apr 10, 2014 at 2:30 PM, Bill Cox <waywardgeek at gmail.com> wrote:
[big snip]
> For years, the getpass manpage said getpass was obsolete and not to
> use it. At the same time, it did not recommend any other solution,
> and AFAIK, there was none. The current manpage does say in the BUGS
> section that it is critical for the user to clear the password ASAP,
> but there is no hint about how to actually do that in a way that the
> optimizer will honor.
I'd bet one way that you could clear the password would be to overwrite
it with random characters or just '*' and THEN write out the overwritten
password to a file descriptor associated with /dev/null. If there's
an optimizer that currently optimizes away code with writes to /dev/null,
I'd really be surprised. Sure, that is going to incur an additional
system call and it may reveal the length of a password for those who
can locally monitor I/O stats, etc. but I think that would be portable to
any *nix flavor system and I'd be really surprised if the optimizer
optimized it away because of the I/O. You could pass in a file descriptor
argument if you are concerned about overly zealous optimizers as well, but
just make damn sure that it is really associated with /dev/null. (But
even if it is not, all you likely are leaking is a password length.)
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.
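
The approach described in the message above, as an added example that is not part of the original post: overwrite the buffer with '*', then write the overwritten bytes to a descriptor that has been checked to be /dev/null. The function names fd_is_dev_null and scrub_secret are hypothetical, and the sample secret is constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if fd is the same character device as /dev/null, 0 if not, -1 on error. */
int fd_is_dev_null(int fd)
{
    struct stat fd_st, null_st;

    if (fstat(fd, &fd_st) != 0 || stat("/dev/null", &null_st) != 0)
        return -1;
    return S_ISCHR(fd_st.st_mode) && S_ISCHR(null_st.st_mode) &&
           fd_st.st_rdev == null_st.st_rdev;
}

/* Overwrite buf with '*', then write the overwritten bytes to /dev/null.
 * The compiler cannot see into write(), so it must assume the buffer is
 * read there and cannot drop the memset() as a dead store.
 * fd < 0 means "open /dev/null for me". Returns 0 on success; -1 if the
 * sink could not be verified or written (buf is still overwritten). */
int scrub_secret(char *buf, size_t len, int fd)
{
    int own_fd = 0, rc = -1;

    memset(buf, '*', len);
    if (fd < 0) {
        fd = open("/dev/null", O_WRONLY);
        own_fd = 1;
    }
    /* Only the masked bytes are ever written, and only to a verified sink. */
    if (fd >= 0 && fd_is_dev_null(fd) == 1 &&
        write(fd, buf, len) == (ssize_t)len)
        rc = 0;
    if (own_fd && fd >= 0)
        close(fd);
    return rc;
}

int main(void)
{
    char pw[] = "correct horse";   /* constructed sample secret */
    int rc = scrub_secret(pw, strlen(pw), -1);

    printf("rc=%d buf=%s\n", rc, pw);
    return rc == 0 ? 0 : 1;
}
```

Because the buffer is masked before the write and the descriptor is compared against /dev/null first, a wrong descriptor receives nothing at all, and a verified one only ever sees the password length.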