On 18.05.2014 19:02, Daniel Stenberg wrote:
> This option only disables the random fill of the free data, it still
> overwrites memory - only with zeros instead. So it doesn't disable
> memory overwrite at all.

You are right, originally the patch included the following hunk:

+#ifdef LIBSSH2_MEMORY_OVERWRITE + if (len > 0) + _libssh2_wincng_random(buf, len); +#endif

instead of

+#ifdef LIBSSH2_MEMORY_OVERWRITE + if (len > 0) + _libssh2_wincng_random(buf, len); +#else + if (len > 0) + memset(buf, 0, len); +#endif

I changed this during the latest rebase to always at least overwrite the data with zeros.

> A question though: is there really anyone who suggests that it is
> safer to fill the data with random data rather than just zeros? I just
> can't see the point with doing such a slow operation and waste random
> seed on this.

I don't have specific expertise in this area, but I think a reason could be that a compiler might be tempted to optimize memset(buf, 0, len) out. Looking at the memory erasure procedure of the Tails operating system [1], it seems like overwriting with zeros is enough:

> Actual memory erasure process
>
> The software that performs the actual memory erasure is sdmem, which
> is part of the secure-delete package. sdmem is called using the -v
> (verbose mode) option to give feedback to the user, as well as the
> -llf options: memory is only overwritten once with zeros; this is the
> fastest available mode, and is enough to protect against every memory
> forensics attack we know of.

[1] https://tails.boum.org/contribute/design/memory_erasure/

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
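
Review bot: in the second hunk the LIBSSH2_MEMORY_OVERWRITE branch calls _libssh2_wincng_random(buf, len) as a bare statement, so if the random fill can fail the buffer keeps its old contents and nothing falls back to the zero fill that only exists under #else. Consider hoisting the shared "if (len > 0)" out of the #ifdef, zeroing unconditionally, and applying the random fill on top only when the macro is defined. The macro name also no longer matches the behaviour, since memory is overwritten in both branches; a comment at the #ifdef, or a name that says random fill, would avoid the confusion raised in the quoted reply.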
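
The concern raised in the message above, that a compiler may drop memset(buf, 0, len) on a buffer that is about to be freed, is commonly handled by routing the wipe through volatile so the stores cannot be treated as dead. The following is an added example, not code from the patch or from libssh2; wipe_zero, wipe_zero_memset, count_nonzero and demo_wipe are hypothetical names, and the key bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not libssh2 API): zero a buffer through a
 * volatile-qualified pointer. Compilers in practice emit every such
 * store, so the wipe survives even when the buffer is never read
 * again before free(). */
static void wipe_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Alternative: reach memset through a volatile function pointer. The
 * compiler cannot assume which function is called, so it cannot
 * reason that the call is a removable dead store. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

static void wipe_zero_memset(void *buf, size_t len)
{
    if (buf != NULL && len > 0)
        memset_ptr(buf, 0, len);
}

/* Count bytes that are still non-zero after a wipe. */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Constructed demo: fill a fake 32-byte key, wipe it with one of the
 * two helpers, and report how many non-zero bytes remain. */
static size_t demo_wipe(int use_memset_ptr)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);   /* constructed "secret" */
    if (use_memset_ptr)
        wipe_zero_memset(key, sizeof key);
    else
        wipe_zero(key, sizeof key);
    return count_nonzero(key, sizeof key);
}

int main(void)
{
    return (demo_wipe(0) == 0 && demo_wipe(1) == 0) ? 0 : 1;
}
```

Where the platform provides one, SecureZeroMemory (Windows), explicit_bzero (glibc, BSDs) or memset_s (C11 Annex K) serve the same purpose.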