[Cryptography] defending against common errors (was: secure erasure)

[Ron Garret]

On Sep 19, 2016, at 11:21 PM, John Denker <jsd at av8n.com> wrote:

> I would care quite a bit if somebody could suggest a
> solution that actually worked and was actually available.

The same day this thread started, I suggested:

> void erase_non_volatile(char* buf, size_t len) {
>  volatile char* buf1 = buf;
>  erase(buf1, len);
> }

with three associated versions of “erase” depending on exactly how paranoid you wanted to be.

Bear’s response was (in part):

> I don't think that's allowed unless the non-volatile
> object is 'static' in the first place, like a procedure
> or a static variable.  IME nothing can become 'volatile'
> unless its location can be fixed at compile time.  But
> now I have to go read the standard again because I may
> be remembering that incorrectly.  It would be very nice
> if it's allowed.

But then he never followed up on that, nor did anyone else.  So AFAICT, this solution is still viable.

Note that if Bear’s objection is correct then you are necessarily hosed unless you control the allocation of the buffer you are trying to erase so you can make it unambiguously volatile.  Because of this I’m pretty sure that Bear’s objection is not correct because if it were, not being able to reliably erase a buffer would be the least of your worries.

Either way, this ought to have been a much shorter conversation than it has been.

rg