On 11 March 2011 18:51, Chad Nelson <chad.thecomfychair@gmail.com> wrote:
That was brought up during the review this week. I plan to implement much safer zeroing code than is presently in there now,
How? Short of platform-specific extensions (which basically inhibit the optimizer) or waiting around for the next C standard (with memset_s), I'm not seeing it. A discussion of this issue can be found at < https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data>, where their conclusion is "However, it should be noted that both calling functions and accessing volatile qualified objects can still be optimized out (while maintaining strict conformance to the standard), so the above may still not work." and provide a
way for people to add their own if they feel that my implementation is insufficient.
Either you are making a guarantee or you aren't. If you aren't, it worse than not doing anything at all, as it gives people a false sense of security.
This stuff is hard to get right. You are better off not implementing it.
On the contrary. It's *because* it's hard to get right that it belongs in a library.
By experts (and even they aren't perfect). When non-experts do it, we get vulnerabilities. -- Nevin ":-)" Liber <mailto:nevin@eviloverlord.com> (847) 691-1404