[Cryptography] Secure erasure in C.
Phillip Hallam-Baker
phill at hallambaker.com
Fri Sep 9 04:35:37 EDT 2016
On Fri, Sep 9, 2016 at 4:10 AM, Salz, Rich <rsalz at akamai.com> wrote:
> > On Windows platforms, Microsoft has a library that offers some form of
> > secure erasure but I haven't used it directly. Instead I rely on the crypto
> > implementations using it.
>
> > Documenting support for similar features in OSX and *nix would be a very
> > useful community service. It might well be necessary to write them first
> > :-).
>
> OpenSSL uses assembler when possible and defaults to memset via volatile
> pointer when not. Just use that zeroizing routine for maximum portability?
>
I don't think that is sufficient. Virtually every machine has a memory
manager that is continually copying blocks of memory between disk, DRAM and
cache.
Unless you know that the platform is correctly zeroizing pages on load and
writing through cache values, there is no guarantee that any application
layer code will reliably erase.
> (Side note: haven't we had enough of C and language discussions here?)
>
I think the C part can be given a miss. It is a systems issue.
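
An added example, not part of the original message and not OpenSSL's code: a POSIX C routine that pairs the zeroizing idiom quoted above (memset called through a volatile pointer) with mlock(), which addresses one of the systems concerns raised in the reply, namely secret pages being written out to swap. The names secure_zero, secret_alloc, secret_free, secret_t and is_all_zero are hypothetical; mlock() can fail under RLIMIT_MEMLOCK and does not cover CPU caches, hibernation images or core dumps.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Calling memset through a volatile function pointer stops the compiler
 * from treating the final store to a dying buffer as dead code. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n) { if (p && n) memset_v(p, 0, n); }

typedef struct { unsigned char *buf; size_t len; int locked; } secret_t;

/* Allocate whole pages so mlock()/munlock() cover only this buffer. */
int secret_alloc(secret_t *s, size_t len)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (!s || len == 0 || pg <= 0) return -1;
    size_t rounded = (len + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    if (posix_memalign(&p, (size_t)pg, rounded) != 0) return -1;
    s->buf = p; s->len = rounded;
    /* Keeps the pages out of swap; may fail under RLIMIT_MEMLOCK, so the
     * caller can inspect s->locked and decide whether to proceed. */
    s->locked = (mlock(p, rounded) == 0);
    return 0;
}

/* Zeroize before unlocking: once unlocked, the pages are pageable again. */
void secret_free(secret_t *s)
{
    if (!s || !s->buf) return;
    secure_zero(s->buf, s->len);
    if (s->locked) munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

/* Helper for checking the result: returns 1 if every byte is zero. */
int is_all_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++) if (p[i]) return 0;
    return 1;
}
```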