[cryptography] Just how bad is OpenSSL ?
thierry.moreau at connotech.com
Tue Oct 30 12:11:12 EDT 2012
Solar Designer wrote:
> On Tue, Oct 30, 2012 at 11:29:17AM -0400, Thierry Moreau wrote:
>> Isn't memory-space cleanse() isolated from file system specifics except
>> for the swap space?
> Normally yes, but the swap space may be in a file (rather than a disk
> partition), or the swap partition may be in a virtual machine, which may
> reside in a file.
>> Is the SSD technology used for swap state in any of the OS distributions?
> It depends on how the OS is installed. Plenty of installs have swap on SSD.
>> Assuming that cleanse() has to deal only with L1 CPU cache, L2 CPU cache,
>> main memory, and swap space, I considered a periodical "swap space
>> sanitation" operation to be useful: add a new swap space partition,
>> remove an existing one, sanitize the removed one (low-level, below file
>> system), put it back into the available set of partitions. I did not
>> experiment in practice.
>> But that "partition sanitation" strategy ought to be part of an "open
>> HSM" type of project.
> What kind of HSM is that where you expect to need swap at all? Just
> disable swap, unless you're using an OS that can't live without swap.
I don't know. The intended HSM is Linux-based with a selected set of
software components for its mission: server-side packages that would be
on the closed HSM's host are candidates for the open HSM context.
Then it's just a matter of the shortest route to finish: route a) secure
the swap, route b) monitor software components for maximum memory usage
vs physical mem plus make a memory exhaustion fault analysis.
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
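The thread's concern is that a cleanse() of process memory says nothing about copies that the kernel has already paged out to swap (possibly a file, possibly a VM image). The usual complement on the application side is to keep secrets in pages that are pinned in RAM so they never reach swap, and to clear them with a store the compiler cannot drop. The following is an added example, not code from the original post or from OpenSSL: the names secure_cleanse, secret_buf, secret_alloc, secret_free, is_all_zero and key_lifecycle_demo are assumptions of this example; mlock, munlock, mmap, munmap and madvise are the standard POSIX/Linux calls.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Zero a buffer through a volatile pointer. A plain memset() right before
   free()/munmap() is a dead store to the optimizer and may be removed; the
   volatile access forces the writes to happen. */
void secure_cleanse(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if every byte of buf is zero, else 0. */
int is_all_zero(const unsigned char *buf, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* A page-granular buffer for key material that is pinned in RAM. */
typedef struct {
    unsigned char *mem;
    size_t len;      /* rounded up to whole pages */
    int locked;      /* 1 if mlock() succeeded */
} secret_buf;

/* Allocate whole anonymous pages, pin them so the kernel will not swap
   them out, and (on Linux) exclude them from core dumps. Returns 0 on
   success, -1 if the mapping itself failed. mlock() failure is recorded
   rather than fatal: it usually means RLIMIT_MEMLOCK is too small. */
int secret_alloc(secret_buf *s, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    size_t alloc = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;
    void *p = mmap(NULL, alloc, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    s->mem = (unsigned char *)p;
    s->len = alloc;
    s->locked = (mlock(p, alloc) == 0);
#ifdef MADV_DONTDUMP
    madvise(p, alloc, MADV_DONTDUMP);   /* Linux-only; best effort */
#endif
    return 0;
}

/* Cleanse, unpin and unmap. Cleansing happens before the pages are
   released so the zeros land in the same physical frames. */
void secret_free(secret_buf *s) {
    if (!s->mem) return;
    secure_cleanse(s->mem, s->len);
    if (s->locked) munlock(s->mem, s->len);
    munmap(s->mem, s->len);
    s->mem = NULL;
    s->len = 0;
    s->locked = 0;
}

/* Key lifecycle: allocate pinned memory, fill it with constructed key
   bytes, use it, cleanse it, and verify the cleanse actually took effect.
   Returns 1 if the buffer was non-zero after fill and all-zero after
   cleanse, else 0. */
int key_lifecycle_demo(void) {
    secret_buf s;
    unsigned char copy[32];
    if (secret_alloc(&s, sizeof copy) != 0) return 0;
    for (size_t i = 0; i < sizeof copy; i++)
        s.mem[i] = (unsigned char)(0xA5 ^ i);       /* constructed key bytes */
    memcpy(copy, s.mem, sizeof copy);               /* "use" the key */
    int had_data = !is_all_zero(s.mem, sizeof copy);
    secure_cleanse(s.mem, s.len);
    int clean = is_all_zero(s.mem, s.len);
    secure_cleanse(copy, sizeof copy);              /* the stack copy too */
    int copy_clean = is_all_zero(copy, sizeof copy);
    secret_free(&s);
    return had_data && clean && copy_clean;
}

int main(void) {
    secret_buf probe;
    if (secret_alloc(&probe, 32) == 0) {
        printf("mlock %s\n", probe.locked ? "succeeded" : "failed (check RLIMIT_MEMLOCK)");
        secret_free(&probe);
    }
    printf("lifecycle ok: %d\n", key_lifecycle_demo());
    return 0;
}
```

Two caveats match the thread. First, mlock() only keeps the pages out of the host's swap; a VM snapshot, a hibernation image, or a swap file belonging to the hypervisor still captures the guest's RAM, which is why disabling swap entirely (route b in the reply above) is the simpler position for an HSM-style box. Second, the pinning is per process, so any copy of the key that lands in an unpinned buffer (here the stack copy) needs the same cleanse treatment.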