[Cryptography] Secure erasure in C.

Patrick patrick at rayservers.net
Thu Sep 8 19:59:43 EDT 2016


Kent Borg wrote on 09/08/2016 12:25 PM:
> On 09/07/2016 04:04 PM, Ray Dillinger wrote:
>> For years I'd been defining 'erase' using
>>
>> //////
>> static void *(*const volatile deleter)(void*,int,size_t)=memset;
>> static void erase(void *buf,size_t len){deleter(buf, 0, len);}
>> //////
> 
> How about something like this?
> 
>   unsigned long secure_erase(void *buf, size_t len)
>   {
>     size_t index;
>     unsigned long total = 0;
> 
>     srandom(time());
> 
>     for (index=0; index<len; index++) {
>       ((char*)buf)[index] = (char)random();
>     }
>     for (index=0; index<len; index++) {
>       total += ((char*)buf)[random() % len];
>     }
>     return total;
>   }
> 
> Convince the compiler that you are interested in the return value, and
> doesn't it have to do the work? ...

Whatever called this routine would also have to convince the compiler
that IT was interested in the return value.  Ultimately I think you'd
have to print the total to stdout to prevent the whole chain of calls
from being elided entirely.  Alternatively, you could store the total in
a volatile memory cell (similar to the CRC proposal from Ray Dillinger),
which as far as the compiler is concerned is very much like printing
something to stdout.

It is clever that you're doing the total from a series of random
locations so the compiler can't just do the sum right inside the first
loop without storing anything in the buffer.  As far as the compiler
knows, random() could make the loop sum up any single cell len times, or
all len of the cells 1 time each, or any possible behavior in between.

One could certainly pre-compute all possible totals for all possible
time values, but I doubt that would lead to any useful compression or
optimization.


-- Patrick



More information about the cryptography mailing list