[Cryptography] Secure erasure

Patrick Pelletier code at funwithsoftware.org
Sat Sep 10 17:10:12 EDT 2016


On 9/9/16 5:28 PM, John Denker wrote:
> The way forward is to stop oversimplifying.  Start by asking What's
> Your Threat Model.  The real threats come from verrrry far outside
> the domain of specification for ordinary computer languages:  cold
> boot, attackers with root privilege, NSA "tailoring" (i.e. subversion)
> of the firmware in the flash controller, tempest, et cetera.

I would argue the opposite: the most likely threat comes from a 
Heartbleed-style vulnerability, where your own process gets tricked into 
revealing the contents of its own memory.  In that sort of a threat 
model, the hardware doesn't matter, swap doesn't matter, caches don't 
matter.  All that matters is what's visible in the process's address 
space.  This is the sort of threat that the original question in this 
thread can defend against, by zeroing memory.

--Patrick
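
The threat model in the message above, as an added example that is not part of the original post: a request handler that trusts a caller-supplied length echoes back stale bytes from reused memory, and the leak disappears when the key is zeroed before release. The arena, the function names and the key string are all constructed for illustration; the arena stands in for heap memory that the allocator hands out again.

```c
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];  /* stands in for reused heap memory */

/* Zero through a volatile pointer so the compiler cannot discard the
   stores as dead writes, as it may with a plain memset before release. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Place a secret in the arena, then release it, optionally wiping first. */
static void use_key(const char *key, size_t n, int wipe_on_release) {
    memcpy(arena, key, n);
    if (wipe_on_release) secure_wipe(arena, n);
}

/* Deliberately flawed echo handler: it copies claimed_len bytes back even
   though only actual_len bytes were received. out must hold ARENA_SIZE. */
static size_t echo(const unsigned char *payload, size_t actual_len,
                   size_t claimed_len, unsigned char *out) {
    if (actual_len > ARENA_SIZE) actual_len = ARENA_SIZE;
    memcpy(arena, payload, actual_len);     /* request reuses the same region */
    if (claimed_len > ARENA_SIZE) claimed_len = ARENA_SIZE; /* keep demo defined */
    memcpy(out, arena, claimed_len);        /* BUG: should be actual_len */
    return claimed_len;
}

/* Count key bytes that come back in the response past the real payload. */
static size_t leaked_key_bytes(int wipe_on_release) {
    static const char key[] = "CONSTRUCTED-KEY-0123456789"; /* sample value */
    unsigned char resp[ARENA_SIZE];
    size_t klen = strlen(key), got, i, leaked = 0;
    memset(arena, 0, ARENA_SIZE);           /* fresh state for each scenario */
    use_key(key, klen, wipe_on_release);
    got = echo((const unsigned char *)"hi", 2, klen, resp);
    for (i = 2; i < got; i++)
        if (resp[i] == (unsigned char)key[i]) leaked++;
    return leaked;
}

int main(void) {
    printf("no wipe:   %zu key bytes leaked\n", leaked_key_bytes(0));
    printf("with wipe: %zu key bytes leaked\n", leaked_key_bytes(1));
    return 0;
}
```

Where the platform provides them, `explicit_bzero` or C11 Annex K `memset_s` serve the same purpose as the volatile loop used here.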


