[Cryptography] Heartbleed and fundamental crypto programming practices
Bill Frantz
frantz at pwpconsult.com
Mon Apr 14 02:27:55 EDT 2014
On 4/10/14 at 8:44 PM, jays at panix.com (Jay Sulzberger) wrote:
>>Casting to a volatile pointer is a trick that might not work on all
>>compilers, so it should be checked with each. Even so, you'll still
>>leak data. For example, a password length might have been passed as a
>>parameter (as above, when I clear it), and it might be on the stack,
>>or in a register. When interrupts happen, those registers get written
>>to different places, and a leak can happen. If your program gets
>>written to swap, core-dumped to a file, or if it's a laptop in
>>hibernation, chances are your red-data can get written to disk.
>>With SSDs, you can't erase that data because of the algorithms to
>>uniformly distribute writes so that some locations don't wear out too
>>fast.
>
>For such code one should not use a compiler which requires a
>trick to get a fundamental routine to compile to code which does
>the job.
>
>That means no standard C nor C++ compiler.
Assembler subroutines are your friend. Clearing memory is easy
to write in assembler, but not very portable between architectures.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        |"Web security is like medicine - trying to do good for
408-356-8506       |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
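
An added example, not part of the original message or of any project's code: the volatile-pointer wipe discussed in the quoted text beside a memset-plus-compiler-barrier variant, each applied to a stack buffer holding a constructed secret. The function names are hypothetical, and neither variant addresses copies left in registers, swap, core dumps or hibernation images.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variant 1: store through a volatile-qualified pointer (the cast from the
 * thread). The standard only guarantees the stores for objects defined
 * volatile, so check the generated code for each compiler. */
void wipe_volatile(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Variant 2: plain memset, then an empty asm statement (GCC/Clang extension)
 * that claims to read memory, so the memset is not a removable dead store.
 * Other compilers fall back to variant 1. */
void wipe_barrier(void *buf, size_t len)
{
    memset(buf, 0, len);
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#else
    wipe_volatile(buf, len);
#endif
}

/* Check helper: number of non-zero bytes remaining in buf. */
size_t count_nonzero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Hypothetical caller: wipes the whole buffer, not just strlen() bytes.
 * The read-back exists only for the check; in real code the buffer is dead
 * after the wipe, which is why a bare memset may be optimized away. */
size_t demo_wipe(int use_barrier)
{
    char secret[32] = "constructed-sample-secret";
    if (use_barrier)
        wipe_barrier(secret, sizeof secret);
    else
        wipe_volatile(secret, sizeof secret);
    return count_nonzero(secret, sizeof secret);
}

int main(void)
{
    printf("bytes left: %zu, %zu\n", demo_wipe(0), demo_wipe(1));
    return 0;
}
```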