Re: [cryptography] DES history

2014-05-07 Thread Marcus Brinkmann
On 05/07/2014 08:31 AM, Joshua Hill wrote: On Mon, May 05, 2014 at 10:37:48PM +0200, Marcus Brinkmann wrote: It is well known that the DES S-Boxes were specifically designed (by the NSA, no less, back in the good ol' days) to protect against that attack. This was the lore for years after the

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Jeffrey Walton
On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote: Can anyone point me at some best practices for implementing buffer types for storing secrets? There are the general coding rules at cryptocoding.net for example, that say you should use unsigned bytes and zero memory when

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Marcus Brinkmann
On 05/07/2014 05:56 AM, Tony Arcieri wrote: - malloc/free + separate process for crypto - malloc/free + mlock/munlock + secure zeroing - mmap/munmap (+ mlock/munlock) Separate process protects from a different threat than mlock/munlock (the latter prevents swapping out the pages to the swap

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Swair Mehta
Mprotect() to keep stray pointers out. Obfuscate data kept in that memory. You can do a lot in software and in practice that might be enough. In theory, true security can only be achieved through hardware based security modules - at least that's what I feel, others might disagree. Paranoid

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread brno
On 07/05/2014 16:27, Swair Mehta wrote: Mprotect() to keep stray pointers out. Obfuscate data kept in that memory. You can do a lot in software and in practice that might be enough. In theory, true security can only be achieved through hardware based security modules - at least that's what I

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Kevin
On 5/6/2014 11:56 PM, Tony Arcieri wrote: Can anyone point me at some best practices for implementing buffer types for storing secrets? There are the general coding rules at cryptocoding.net for example, that say you should use unsigned bytes and zero memory when

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Dave Horsfall
On Wed, 7 May 2014, Kevin wrote: [...] Should finalizers be explicit or implicit? (or should an implicit finalizer try to make sure buffers are finalized if you don't do it yourself?) Probably time to mention this classic: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Re: [cryptography] Best practices for paranoid secret buffers

2014-05-07 Thread Kevin W. Wall
On Wed, May 7, 2014 at 8:15 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, May 6, 2014 at 11:56 PM, Tony Arcieri basc...@gmail.com wrote: Can anyone point me at some best practices for implementing buffer types for storing secrets? There are the general coding rules at cryptocoding.net