Minimizing the time: include existing C interfaces #159
Conversation
| #### Minimizing the Time Keys/Decrypted Data Exists | ||
|
|
||
| Remember that per least privilege, we want to minimize the time a privilege is active. In cryptography, you often want to minimize the time a private key or password is available, or at least minimize the time that the decrypted data is available. This can be harder that you might think. At the operating system level you can probably lock it into memory with **mlock()** or **VirtualLock()**; this will at least prevent the data from being copied into storage. Ideally, you would erase it from memory after use, though that is often surprisingly difficult. Compilers may turn overwrite code into a no-op, because they detect that nothing reads the overwritten values. Languages with built-in garbage collection often quietly make extra copies and/or do not provide a mechanism for erasure. That said, some languages or infrastructure do make this easy. For example, those using the .NET framework (e.g., C#) can use SecureString. | ||
| Remember that per least privilege, we want to minimize the time a privilege is active. In cryptography, you often want to minimize the time a private key or password is available, or at least minimize the time that the decrypted data is available. This can be harder that you might think. At the operating system level you can probably lock it into memory with **mlock()** or **VirtualLock()**; this will at least prevent the data from being copied into storage. Ideally, you would erase it from memory after use using interfaces that are safe for that purpose. The reason is that compilers since they detect that nothing reads the overwritten values optimize the code out as no-op. The following interfaces in C and C++ are safe for overwriting sensitive data in memory. |
There was a problem hiding this comment.
The reason is that compilers since they detect that nothing reads the overwritten values optimize the code out as no-op.
This sentence doesn't make sense. Did you mean:
Compiler optimizers may quietly eliminate the code to overwrite data, because they detect that nothing else in the program reads the overwritten values. In addition, languages with built-in garbage collection often quietly make extra copies and/or do not provide a mechanism for erasure.
Also, change:
safe for overwriting
to:
safer for overwriting
as there are still ways to misuse them, esp. if data regions are declared as volatile. See:
- https://www.gnu.org/software/gnulib/manual/html_node/explicit_005fbzero.html
- https://www.gnu.org/software/gnulib/manual/html_node/memset_005fexplicit.html
It doesn't mention memset_explicit, but that's new so I think that's okay.
There was a problem hiding this comment.
I couldn't have expressed it better. Thanks, I've updated the text.
I checked GNU libc manual and there is only explicit_bzero. memset_explicit seems to be available only in gnulib (which despite the name is not the same as the gnu libc).
There was a problem hiding this comment.
The text In addition, languages with built-in garbage collection often quietly make extra copies and/or do not provide a mechanism for erasure. was listed (in the first version I submitted) at the end, after the C/C++ interfaces. I merged the texts, and kept For example, those using the .NET framework (e.g., C#) can use SecureString..
As a result the C/C++ interfaces are now listed at the end of the paragraph.
nmav
force-pushed
the
tmp-memcmp
branch
2 times, most recently
from
1eadd2c to
0f23031
Compare
nmav
changed the title
This includes the C interfaces that exist to overwrite sensitive data from memory such as explicit_bzero. As this is a common mistake not to overwrite the data, I think listing these interfaces has value even if a complete solution that includes security from the memory swap is harder. Signed-off-by: Nikos Mavrogiannopoulos <[email protected]>
|
Thanks so much! Merged. Again, sorry for the delay. |
2 participants
This includes the C interfaces that exist to overwrite sensitive data from memory such as explicit_bzero. As this is a common mistake not to overwrite the data, I think listing these interfaces has value even if a complete solution that includes security from the memory swap is harder.