[cryptography] Best practices for paranoid secret buffers

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Wed May 7 10:05:51 EDT 2014


On 05/07/2014 05:56 AM, Tony Arcieri wrote:
> - malloc/free + separate process for crypto
> - malloc/free + mlock/munlock + "secure zeroing"
> - mmap/munmap (+ mlock/munlock)

Separate process protects from a different threat than mlock/munlock 
(the latter prevents swapping out the pages to the swap device).

Depending on your paranoia level, maybe scramble the buffer if it is 
held unused for a long time.  The scrambling secret should be short 
enough not to stick out like a sore thumb in a memory dump.  Although 
that probably won't help much (it works better if the secret key and the 
scrambling key are in different processes).
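
The third option in the quoted list (mmap/munmap + mlock/munlock), combined with zeroing before release and the optional XOR scrambling mentioned in the reply, as an added example that is not part of the original post. The names `secbuf`, `secbuf_alloc`, `secbuf_scramble`, `secbuf_free` and `secure_zero` are hypothetical, and a POSIX system with `MAP_ANONYMOUS` is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: one anonymous mapping that holds a secret. */
typedef struct { uint8_t *p; size_t len; int locked; } secbuf;

/* Zero through a volatile pointer so the stores are not removed as dead. */
static void secure_zero(void *v, size_t n) {
    volatile uint8_t *b = v;
    while (n--) *b++ = 0;
}

/* Map whole pages and try to mlock them so they are not written to swap.
 * With require_lock set, a failed mlock (for example RLIMIT_MEMLOCK) is an
 * error; otherwise the outcome is only recorded in s->locked. */
static int secbuf_alloc(secbuf *s, size_t want, int require_lock) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + pg - 1) / pg * pg;
    s->p = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->p == MAP_FAILED) { s->p = NULL; return -1; }
    s->locked = (mlock(s->p, s->len) == 0);
    if (!s->locked && require_lock) { munmap(s->p, s->len); s->p = NULL; return -1; }
    return 0;
}

/* XOR the buffer with a short mask while it sits idle; a second call with
 * the same mask restores the contents. */
static void secbuf_scramble(secbuf *s, const uint8_t *mask, size_t mlen) {
    if (!mlen) return;
    for (size_t i = 0; i < s->len; i++) s->p[i] ^= mask[i % mlen];
}

/* Wipe before the pages go back to the kernel, then unlock and unmap. */
static int secbuf_free(secbuf *s) {
    if (!s->p) return -1;
    secure_zero(s->p, s->len);
    if (s->locked) munlock(s->p, s->len);
    int rc = munmap(s->p, s->len);
    s->p = NULL; s->len = 0; s->locked = 0;
    return rc;
}
```

As the reply notes, the mask only helps if it is kept somewhere other than next to the buffer, ideally in a different process.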





