
On Wed, 2 Mar 2011 17:31:07 -0800 Scott McMurray <me22.ca+boost@gmail.com> wrote:

> On Wed, Mar 2, 2011 at 06:16, Christopher Jefferson <chris@bubblescope.net> wrote:
>
>> The 'secure' flag at the moment I believe cannot be trusted to work. Compilers can, and do, optimise out memset if it can prove the memory will not be changed again. [...]
>
> I'm not convinced that either of those answers is correct, since neither prevents the OS from swapping the memory to disk while it contains secret data.

A known and documented problem: <http://www.oakcircle.com/xint_docs/structboost_1_1xint_1_1options_1_1secure.html>

> To me, it seems that Boost isn't the place for anything that claims to be "secure", since the community is insufficiently skilled in interpretive dance: see <http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html>, or specifically <http://2.bp.blogspot.com/_Zfbv3mHcYrc/Sre5JqBKZyI/AAAAAAAABn8/Op-n-e0JVaA/s1600-h/aes_act_3_scene_02_agreement_1100.png> :)

Perhaps an alternate name for that option, then. One that wouldn't be too much longer or too many words, but also wouldn't be misinterpreted as providing true security... perhaps more_secure? It requires a little less typing, and is less frightening, than less_insecure. ;-)

-- 
Chad Nelson
Oak Circle Software, Inc.
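The two problems raised in this thread (a dead-store eliminator dropping a memset() on memory that is about to be freed, and the OS paging a secret out to swap) are both addressable in portable C, though neither fix is complete. The following is an added example written for this page; it is not code from xint or from anyone in the thread. It assumes a POSIX system (mlock()/munlock() from <sys/mman.h>); the buffer contents and the demo_wipe() helper are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>   /* mlock/munlock: POSIX, assumed available */

/* The pattern the thread warns about: the compiler can see that buf is
 * never read after this memset, so it is entitled to delete the call.
 * Kept here only to show the naive form next to the hardened one. */
void naive_wipe(unsigned char *buf, size_t n) {
    memset(buf, 0, n);
}

/* Hardened form: every store goes through a volatile-qualified pointer,
 * so each one is an observable side effect the optimiser must keep.
 * Slower than memset, but the zeroing cannot be proven dead. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns the number of non-zero bytes in buf (0 means fully wiped). */
size_t count_nonzero(const unsigned char *buf, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (buf[i] != 0);
    return c;
}

/* Hold a secret in memory the OS has been asked not to swap out.
 * mlock() pins the pages containing buf; it can fail (RLIMIT_MEMLOCK,
 * lack of privilege), so the caller is told whether the pin held.
 * The wipe happens regardless. Returns 0 if locked, -1 if not. */
int use_secret_locked(unsigned char *buf, size_t n) {
    int locked = mlock(buf, n);
    /* constructed secret: a recognisable fill pattern */
    for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)(0xA5 ^ i);
    /* ... the secret would be used here ... */
    secure_zero(buf, n);
    if (locked == 0) munlock(buf, n);
    return locked == 0 ? 0 : -1;
}

/* Stand-alone check: returns 0 when the buffer is all zero afterwards. */
int demo_wipe(void) {
    unsigned char buf[64];
    (void)use_secret_locked(buf, sizeof buf);
    return count_nonzero(buf, sizeof buf) == 0 ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind. First, the volatile loop stops the dead-store elimination the thread describes but does nothing about copies the compiler or the runtime made elsewhere (registers, spilled temporaries, copies made by std::string or operator+ in a bignum library), which is exactly why a flag named "secure" overpromises. Second, mlock() only addresses swap; it does not stop core dumps or hibernation images, and its failure is silent unless the return value is checked, as above. Where they exist, memset_s() (C11 Annex K) and explicit_bzero() (glibc 2.25+, OpenBSD) do the same job as secure_zero() with library support, but neither is universally available, which is why the hand-rolled volatile loop is still common.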