[Cryptography] Secure erasure

[Jerry Leichter]

>> The argument is:  No one will pay for special compiler modes, special
>> code in OS's, special hardware support, all to carefully route around
>> optimizations that may, as a side effect, in special circumstances,
>> cause data to leak - when that's not a leakage path that anyone is likely
>> to actually attack, because much easier ones exist.
> 
> ...
> You know that I speak in favour of a *separation* (normal,buggy
> user machine vs separate. well-designed less vulnerable personal
> security server) and here the information an attacker can gain is
> considerably restricted compared with what can be exfiltrated if
> everything happens on the (ONE) traditional device.
...which is exactly the point I'm arguing as well:  The general-purpose machine will be insecure because it's impractically expensive to make it secure, so the right approach is to live with that and create a design where security issues in that portion of the machine are irrelevant to the security of the system as a whole.

> Anyway, the IBM/VAX story is well worth to be told (twice).
> I just cannot figure out in what way it'll support your argument,
Actually, I prefaced it by saying it was an argument in the opposite direction. :-)

However ... both the VAX and the Alpha are long-dead architectures (though I still have a bunch of micro-VAXes in my garage; haven't powered them up in many years).  So ... at one point, architects and implementers actually worried about this stuff.  Do they still?  I have my doubts....

> other than that it's crucial for the *separate device* to not
> leave anything to chance, as much as this is possible.
Indeed.
                                                        -- Jerry