Date: Tue, 26 Feb 2008 19:42:17 +0100 From: gregoryd.freebsd@free.fr To: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Cc: Jeremy Chadwick <koitsu@freebsd.org>, hackers@freebsd.org, Pieter de Boer <pieter@thedarkside.nl>, Atom Smasher <atom@smasher.org> Subject: Re: Zeroing sensitive memory chunks [Was: Security Flaw in Popular Disk Encryption Technologies] Message-ID: <1204051337.47c45d89ea6eb@imp.free.fr> In-Reply-To: <CHndeNGUDnyFiyFuhzNdulGXPe8@nE9n69L2PrcQKa%2Be6OgU6kZtlVg> References: <20080223010856.7244.qmail@smasher.org> <47C068B5.2090000@thedarkside.nl> <20080223185620.GA98105@eos.sc1.parodius.com> <CHndeNGUDnyFiyFuhzNdulGXPe8@nE9n69L2PrcQKa%2Be6OgU6kZtlVg>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Eygene Ryabinkin <rea-fbsd@codelabs.ru>: > *) New function OPENSSL_cleanse(), which is used to cleanse a section of > memory from it's contents. This is done with a counter that will > place alternating values in each byte. This can be used to solve > two issues: 1) the removal of calls to memset() by highly optimizing > compilers, and 2) cleansing with other values than 0, since those can > be read through on certain media, for example a swap space on disk. > [Geoff Thorpe] > > The '1)' is what I was talking about. '2)' is not very clear to > me now, I should research what Geoff meant. If anyone has an idea, > please comment. I thought it might mean that on certain media, such as disks, data can be read even after it has been overwriten a certain number of times (magnetic properties of the media, this is a method used by some police labs to recover lost data, I've been told, but maybe the man was just a paranoid). So even "cleansing" a crypted swap space this way would not render it safe (you would have to repeat it enough times so that the layers are definitively overwritten) Now I am no physics/chemics specialist, and this might not be the meaning of Geoff Thorpe: anyway you asked for an idea :-) And I would also like to know the end of it... gregory
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1204051337.47c45d89ea6eb>