[Cryptography] It's all K&R's fault

Jerry Leichter leichter at lrw.com
Mon Apr 21 06:07:18 EDT 2014


On Apr 20, 2014, at 9:37 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> Why does it matter if we make copies in memory if they do not go to
> unencrypted disk or can be seen by any other application, or leaked by
> our application? Wiping memory and pinning to avoid swap assume that
> 1) the OS won't wipe memory between processes and 2) swap is
> unencrypted.
It's a matter of defense in depth.  Values that have been erased can't be leaked due to misconfigurations, snarfed by attack code that gets slipped into the process, recovered from memory by someone who grabs the device while it's running.  I agree with you that encrypted swap plus language-level protections are pretty good, especially in something like a data center environment.  But if we're talking, say, a phone - maybe you want to go further.

                                                       -- Jerry
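The wiping and pinning discussed in this exchange, as an added C example that is not part of the original message or thread. The names `secret_buf`, `secret_init`, `secret_destroy`, `secure_wipe` and `is_all_zero` are hypothetical, and it assumes a POSIX system where `mlock()` may be refused by resource limits, so pinning is best-effort.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32

struct secret_buf {
    unsigned char key[KEY_LEN];
    int locked;                 /* 1 if mlock() pinned the pages, 0 if refused */
};

/* Zero n bytes through a volatile pointer so the compiler cannot drop the
 * stores as dead writes (a plain memset before free/return may be elided).
 * explicit_bzero() serves the same purpose where the libc provides it. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Pin the buffer before the secret is written, so no copy reaches swap. */
int secret_init(struct secret_buf *s, const unsigned char *src, size_t n)
{
    if (n != KEY_LEN)
        return -1;
    s->locked = (mlock(s, sizeof *s) == 0);   /* best-effort: may hit RLIMIT_MEMLOCK */
    memcpy(s->key, src, n);
    return 0;
}

/* Erase first, then unpin: the pages never become swappable while they
 * still hold the key. */
void secret_destroy(struct secret_buf *s)
{
    int was_locked = s->locked;
    secure_wipe(s, sizeof *s);
    if (was_locked)
        munlock(s, sizeof *s);
}

/* Helper for checking that nothing of the secret remains in the buffer. */
int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--)
        if (*b++) return 0;
    return 1;
}
```

The caller's own source copy of the key (`src`) needs the same treatment; wiping one buffer does not cover copies made elsewhere in the process.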


