[cryptography] Best practices for paranoid secret buffers

Tony Arcieri bascule at gmail.com
Tue May 6 23:56:15 EDT 2014

Can anyone point me at some best practices for implementing buffer types
for storing secrets?

There are the general coding rules at cryptocoding.net for example, that
say you should use unsigned bytes and zero memory when you're done, but I'm
more curious about specific strategies, like:

- malloc/free + separate process for crypto
- malloc/free + mlock/munlock + "secure zeroing"
- mmap/munmap (+ mlock/munlock)

Should finalizers be explicit or implicit? (or should an implicit finalizer
try to make sure buffers are finalized if you don't do it yourself?)

Are paranoid buffers worth the effort? Are the threats they'd potentially
mitigate realistic? Are there too many other things that can go wrong (e.g.
rewindable VMs) for this to matter?

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140506/ad92a9dd/attachment.html>

More information about the cryptography mailing list