On 05/07/2014 08:31 AM, Joshua Hill wrote:
On Mon, May 05, 2014 at 10:37:48PM +0200, Marcus Brinkmann wrote:
It is well known that the DES S-Boxes were specifically designed (by the
NSA, no less, back in the good ol' days) to protect against that attack.
This was the lore for years after the
On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote:
Can anyone point me at some best practices for implementing buffer types for
storing secrets?
There are the general coding rules at cryptocoding.net for example, that say
you should use unsigned bytes and zero memory when
On 05/07/2014 05:56 AM, Tony Arcieri wrote:
- malloc/free + separate process for crypto
- malloc/free + mlock/munlock + secure zeroing
- mmap/munmap (+ mlock/munlock)
Separate process protects from a different threat than mlock/munlock
(the latter prevents swapping out the pages to the swap
Mprotect() to keep stray pointers out.
Obfuscate data kept in that memory.
You can do a lot in software and in practice that might be enough. In theory,
true security can only be achieved through hardware based security
modules - at least that's what I feel, others might disagree.
Paranoid
On 07/05/2014 16:27, Swair Mehta wrote:
Mprotect() to keep stray pointers out.
Obfuscate data kept in that memory.
You can do a lot in software and in practice that might be enough. In
theory, true security can only be achieved through hardware based
security modules - at least that's what I
On 5/6/2014 11:56 PM, Tony Arcieri wrote:
Can anyone point me at some best practices for implementing buffer
types for storing secrets?
There are the general coding rules at cryptocoding.net
<http://cryptocoding.net> for example, that say you should use
unsigned bytes and zero memory when
On Wed, 7 May 2014, Kevin wrote:
[...]
Should finalizers be explicit or implicit? (or should an implicit
finalizer try to make sure buffers are finalized if you don't do it
yourself?)
Probably time to mention this classic:
http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
On Wed, May 7, 2014 at 8:15 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote:
Can anyone point me at some best practices for implementing buffer types for
storing secrets?
There are the general coding rules at cryptocoding.net