Software leaves encryption keys, passwords lying around in memory
Simon Fowler
simon at himi.org
Wed Nov 6 16:18:15 EST 2002
On Wed, Nov 06, 2002 at 04:05:47PM +1100, Ben Elliston wrote:
> >>>>> "Vennonen," == Vennonen, Ari J <ari.vennonen=r3q2otnueiw at public.gmane.org> writes:
>
> Ari> future enhancement to the optimiser may turn it back into a
> Ari> nop. What it really needs is the addition of a #pragma
> Ari> dont_remove_this_code_you_bastard in the compiler. Until then,
> Ari> a lot of security code will be affected by this problem.
>
> A cheap alternative is to disable the relevant optimisations.
>
That's probably rather painful on cryptographic software, unless the
important bits are written in hand-optimised asm. Just consider the
amount of cpu intensive stuff that's involved in implementing a
cipher . . .
A much better approach would be to just make sure you /did/
something with the cleared memory afterwards. And being aware of the
need is rather important.
Simon
--
PGP public key Id 0x144A991C, or http://himi.org/stuff/himi.asc
(crappy) Homepage: http://himi.org
doe #237 (see http://www.lemuria.org/DeCSS)
My DeCSS mirror: ftp://himi.org/pub/mirrors/css/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20021106/74e6ac7e/attachment.bin
More information about the linux
mailing list