[Cryptography] Heartbleed and fundamental crypto programming practices
Jerry Leichter
leichter at lrw.com
Fri Apr 11 07:43:17 EDT 2014
On Apr 10, 2014, at 1:34 PM, Sandy Harris <sandyinchina at gmail.com> wrote:
>> It is - or should be - just a fundamental principle of secure coding that you minimize the amount and time you keep "sensitive" data around in memory - *and that you never release control of it*. It's your responsibility - you don't hand it to the memory allocator.
>
> Yes.
>
> Here's an alternate take saying don't do your own buggy allocation and
> lose the error checking in system one.
> http://article.gmane.org/gmane.os.openbsd.misc/211963
Just to clarify: I'm not suggesting replacing the system memory allocator. What matters is not the handling of blocks of free and allocated storage - it's the care-taking of *sensitive content* within those blocks. It's fine to hand a block of memory back to the memory allocator; it's not so fine to hand over a block of memory full of sensitive data. But you can erase the data without affecting the block at the level of abstraction at which the memory allocator lives.
-- Jerry
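The practice Jerry describes, erasing sensitive content in place and only then handing the block back through an ordinary free(), as an added example that is not from the thread. It assumes a hosted C99 libc; the "key" bytes are constructed for the demonstration.

```c
/* Added example: clear secret bytes before the block goes back to the
 * allocator. The allocator is untouched; only the content is handled. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Write zeros through a volatile pointer so the compiler cannot treat
 * the stores as dead and drop them (a plain memset() just before free()
 * is a store to memory that is never read again, and may be removed). */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Hand the block back only after its contents have been erased. At the
 * allocator's level of abstraction this is an ordinary free(). */
void secure_free(void *p, size_t n) {
    if (p == NULL) return;
    secure_zero(p, n);
    free(p);
}

/* Returns 1 if every byte in [p, p+n) is zero, else 0. Used to verify
 * that a buffer that held key material really was cleared. */
int is_zeroed(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Demonstration: copy a constructed "key" into a heap buffer, confirm it
 * is non-zero, erase it in place, confirm it is zero, then release it.
 * Returns 1 when the lifecycle behaves as intended, 0 otherwise. */
int demo_key_lifecycle(void) {
    static const unsigned char key[] = "0123456789abcdef"; /* constructed */
    unsigned char *buf = malloc(sizeof key);
    if (buf == NULL) return 0;
    memcpy(buf, key, sizeof key);
    int was_nonzero = !is_zeroed(buf, sizeof key);
    secure_zero(buf, sizeof key);
    int now_zero = is_zeroed(buf, sizeof key);
    free(buf);                    /* same call as secure_free() would make */
    return was_nonzero && now_zero;
}
```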