[cryptography] Just how bad is OpenSSL ?

Thierry Moreau thierry.moreau at connotech.com
Tue Oct 30 12:11:12 EDT 2012


Solar Designer wrote:
> On Tue, Oct 30, 2012 at 11:29:17AM -0400, Thierry Moreau wrote:
>> Isn't memory-space cleanse() isolated from file system specifics except 
>> for the swap space?
> 
> Normally yes, but the swap space may be in a file (rather than a disk
> partition), or the swap partition may be in a virtual machine, which may
> reside in a file.
> 
>> Is the SSD technology used for swap state in any of the OS distributions?
> 
> It depends on how the OS is installed.  Plenty of installs have swap on SSD.
> 
>> Assuming that cleanse() has to deal only with L1 CPU cache, L2 CPU cache, 
>> main memory, and swap space, I considered a periodical "swap space 
>> sanitation" operation to be useful: add a new swap space partition, 
>> remove an existing one, sanitize the removed one (low-level, below file 
>> system), put it back into the available set of partitions. I did not 
>> experiment in practice.
>>
>> But that "partition sanitation" strategy ought to be part of an "open 
>> HSM" type of project.
> 
> What kind of HSM is that where you expect to need swap at all?  Just
> disable swap, unless you're using an OS that can't live without swap.
> 

I don't know. The intended HSM is Linux-based with a selected set of 
software components for its mission: server-side packages that would be 
on the closed HSM's host are candidates for the open HSM context.

Then it's just a matter of the shortest route to finish: route a) secure 
the swap, route b) monitor software components for maximum memory usage 
vs physical mem plus make a memory exhaustion fault analysis.



> Alexander
> 


-- 
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
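An added example, not code from the thread or from OpenSSL, of the per-buffer counterpart to the two routes discussed above (securing swap vs. keeping secrets out of it): pin a secret buffer with mlock(2) so its page is never written to swap, and wipe it through a volatile function pointer so the compiler cannot drop the memset before free(). Assumes a POSIX/Linux system; the names secret_t, secret_init, secret_free, cleanse and all_zero are chosen here for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* A secret buffer pinned in RAM. `locked` records whether mlock() succeeded;
 * when it is 0 the page may still be written out to swap. */
typedef struct {
    unsigned char *buf;
    size_t len;
    int locked;
} secret_t;

/* memset() reached through a volatile function pointer: the compiler cannot
 * prove the store is dead and elide it, which is what a cleanse() must avoid. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

void cleanse(void *p, size_t n) { secure_memset(p, 0, n); }

/* Allocate n bytes page-aligned and try to pin them. Returns 0 on success
 * (inspect s->locked for remaining swap exposure) or -1 if allocation failed. */
int secret_init(secret_t *s, size_t n) {
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (page <= 0 || posix_memalign(&p, (size_t)page, n) != 0) return -1;
    s->buf = p; s->len = n;
    s->locked = (mlock(p, n) == 0); /* EPERM/ENOMEM when RLIMIT_MEMLOCK is too low */
    return 0;
}

/* Wipe, unpin, release: the wipe precedes free() so the allocator never
 * hands the plaintext to the next caller. */
void secret_free(secret_t *s) {
    if (!s->buf) return;
    cleanse(s->buf, s->len);
    if (s->locked) munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

/* Returns 1 if every byte of p[0..n) is zero, else 0. */
int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}
```

If mlock() fails the buffer is still usable but `locked` is 0, which is the signal that either RLIMIT_MEMLOCK must be raised or swap disabled entirely, as suggested in the thread.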