[Cryptography] Fast-key-erasure RNG and fork()ing

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jun 27 01:39:25 EDT 2018


John-Mark Gurney <jmg at funkthat.com> writes:

>A great solution is the flag to zero a page on fork...

That's actually much less portable than pthread_atfork(), and also nowhere
near as clean.  With atfork you get immediate notification via a signal-like
mechanism that the process has forked, with INHERIT_ZERO you have to carefully
check your pool contents from each bit of code that accesses it to see whether
it's suddenly gone to zero, as well as having to interact with, or at least be
aware of, the system's MMU in order to deal with the page level at which
things operate.

A less ugly way would be to have a page set aside that's filled with 0xFF's,
mark it as INHERIT_ZERO, and use that as a signal that you've forked, but even
that's still less portable and clunkier than atfork.

Peter.
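
The atfork approach discussed in this message, as an added example that is not part of the original post or of any project's code: a child handler registered with pthread_atfork() erases the inherited key and flags a reseed, so callers never have to inspect the pool contents themselves. The names pool_key, need_seed and the pool_* functions are hypothetical, and /dev/urandom is assumed as the seed source.

```c
#include <fcntl.h>
#include <pthread.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static unsigned char pool_key[32]; /* hypothetical RNG pool key */
static volatile int need_seed = 1; /* set whenever the key must not be used */

static int pool_reseed(void) {
    int fd = open("/dev/urandom", O_RDONLY); /* assumed seed source */
    if (fd < 0) return -1;
    ssize_t n = read(fd, pool_key, sizeof pool_key);
    close(fd);
    need_seed = (n != (ssize_t)sizeof pool_key);
    return need_seed ? -1 : 0;
}

/* Runs in the child right after fork(): erase the inherited key. */
static void pool_child_handler(void) {
    memset(pool_key, 0, sizeof pool_key);
    need_seed = 1;
}

static int pool_init(void) { /* call once at startup */
    if (pthread_atfork(NULL, NULL, pool_child_handler) != 0) return -1;
    return pool_reseed();
}

/* Single access point: reseeds first if a fork was signalled. */
static const unsigned char *pool_get_key(void) {
    if (need_seed && pool_reseed() != 0) return NULL;
    return pool_key;
}

/* Returns 1 if the child got a fresh key and the parent's key is unchanged. */
static int demo_child_key_differs(void) {
    unsigned char parent_copy[32];
    if (pool_init() != 0) return -1;
    memcpy(parent_copy, pool_key, sizeof parent_copy);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child: handler has already run by this point */
        const unsigned char *k = pool_get_key();
        _exit(k && memcmp(k, parent_copy, sizeof parent_copy) != 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
           memcmp(pool_key, parent_copy, sizeof parent_copy) == 0;
}
```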

