
On 03/02/2011 07:31 PM, Scott McMurray wrote:
I'm not convinced that either of those answers is correct, since neither prevents the OS from swapping the memory to disk while it contains secret data.
(Or your cloud provider from migrating your whole OS image across a network.)
To me, it seems that Boost isn't the place for anything that claims to be "secure", since the community is insufficiently skilled in interpretive dance: see <http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html>, or specifically <http://2.bp.blogspot.com/_Zfbv3mHcYrc/Sre5JqBKZyI/AAAAAAAABn8/Op-n-e0JVaA/s1600-h/aes_act_3_scene_02_agreement_1100.png> :)
+1 There are some not-entirely-unheard-of operating systems that emit detectable patterns from /dev/random. Libraries like OpenSSL dedicate large amounts of code to secure random generation for this sort of reason. But they're still vulnerable to a Debian maintainer changing something he doesn't understand. The RSA example is a great way to demonstrate bigint libraries - and a terrible thing to actually use it for. I suggest any wording suggesting "cryptographically secure" be avoided. Even dedicated-purpose cryptographic libraries written and maintained by experts are still weeding out the tiny bugs and timing and cache side-channel attacks years later.

- Marsh
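The swap problem Scott raises is the one part of this thread that has a concrete, if partial, answer at the process level. The example below is added here and is not code from the thread or from Boost: it pins a secret buffer in RAM with POSIX mlock(), asks Linux to leave the pages out of core dumps, and wipes the buffer through a volatile pointer so the compiler cannot drop the wipe as a dead store. Linux/glibc is assumed; the 32-byte buffer and its 0xAB contents are a constructed stand-in for key material. It does nothing about the other two points (a hypervisor migrating the whole guest image, or a weak /dev/random), and mlock() can fail under a small RLIMIT_MEMLOCK, so the code reports that rather than assuming success.

```c
/* Added example, not code from the Boost thread or the Boost libraries:
 * keep a secret buffer out of swap with mlock() and wipe it in a way the
 * optimiser cannot elide. Linux/glibc assumed; the buffer size and the
 * 0xAB "key bytes" are constructed for illustration. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round n up to whole pages: mlock()/munlock() work at page granularity. */
static size_t page_round(size_t n) {
    long pg = sysconf(_SC_PAGESIZE);
    size_t ps = pg > 0 ? (size_t)pg : 4096;
    return ((n + ps - 1) / ps) * ps;
}

/* Zero n bytes through a volatile pointer. A plain memset() on a buffer
 * that is freed immediately afterwards is a dead store the compiler may
 * delete; volatile stores have to be performed. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if all n bytes are zero, 0 otherwise (used to verify the wipe). */
int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Allocate a page-aligned, zeroed buffer for a secret and try to pin it
 * in RAM. *locked receives 1 if mlock() succeeded, 0 if it failed; errno
 * then still holds mlock()'s error (ENOMEM/EPERM are common when
 * RLIMIT_MEMLOCK is small, e.g. inside a container). On Linux the pages
 * are also marked MADV_DONTDUMP so they stay out of core files. */
unsigned char *secret_alloc(size_t n, int *locked) {
    size_t len = page_round(n);
    void *p = NULL;
    if (posix_memalign(&p, page_round(1), len) != 0) return NULL;
    memset(p, 0, len);
#ifdef MADV_DONTDUMP
    madvise(p, len, MADV_DONTDUMP);      /* best effort; failure is ignored */
#endif
    *locked = (mlock(p, len) == 0);      /* last call, so errno is mlock()'s */
    return (unsigned char *)p;
}

/* Wipe while the pages are still pinned, then unlock and release. */
void secret_free(unsigned char *p, size_t n, int locked) {
    if (!p) return;
    size_t len = page_round(n);
    secure_wipe(p, len);
    if (locked) munlock(p, len);
    free(p);
}

int main(void) {
    int locked = 0;
    unsigned char *key = secret_alloc(32, &locked);
    if (!key) { perror("secret_alloc"); return 1; }
    if (!locked)
        fprintf(stderr, "mlock failed: %s (secret may be swapped)\n",
                strerror(errno));
    memset(key, 0xAB, 32);               /* constructed stand-in for a key */
    /* ... use the key here ... */
    secure_wipe(key, 32);
    printf("wiped: %s, pinned in RAM: %s\n",
           is_all_zero(key, 32) ? "yes" : "no", locked ? "yes" : "no");
    secret_free(key, 32, locked);
    return 0;
}
```

Note that this only narrows the window: the secret still sits in registers, in copies the compiler or libraries make, and in any kernel buffer it passed through, and a process that can read /proc/PID/mem or a hypervisor snapshotting the guest sees it regardless of mlock().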