[cryptography] Best practices for paranoid secret buffers
marcus.brinkmann at ruhr-uni-bochum.de
Wed May 7 10:05:51 EDT 2014
On 05/07/2014 05:56 AM, Tony Arcieri wrote:
> - malloc/free + separate process for crypto
> - malloc/free + mlock/munlock + "secure zeroing"
> - mmap/munmap (+ mlock/munlock)
Separate process protects from a different threat than mlock/munlock
(the latter prevents swapping out the pages to the swap device).

Depending on your paranoia level, maybe scramble the buffer if it is
held unused for a long time. The scrambling secret should be short
enough not to stick out like a sore thumb in a memory dump. Although
that probably won't help much (it works better if the secret key and the
scrambling key are in different processes).
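
The mmap/munmap + mlock/munlock + "secure zeroing" option from the quoted list, combined with the idle-time scrambling suggested in the reply, as an added C example that is not part of the original message. The `secbuf_*` names, the 4-byte XOR mask and the sample key are assumptions constructed for illustration; the mask lives in the same process, which is the weaker of the two arrangements the reply mentions.

```c
#define _DEFAULT_SOURCE 1 /* exposes MAP_ANONYMOUS on glibc under -std=c11 */
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: len = secret bytes, maplen = whole pages mapped. */
typedef struct { unsigned char *p; size_t len, maplen; int locked; } secbuf;

/* "Secure zeroing": volatile stores that the optimizer may not drop. */
static void secure_zero(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}

/* mmap private pages that no other allocation shares, then try to pin them. */
static int secbuf_alloc(secbuf *b, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = len; b->maplen = (len + page - 1) / page * page;
    b->p = mmap(NULL, b->maplen, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->p == MAP_FAILED) { b->p = NULL; return -1; }
    b->locked = (mlock(b->p, b->maplen) == 0); /* may fail: RLIMIT_MEMLOCK */
    return 0;
}

/* XOR only the secret bytes with a short mask; a second call restores them. */
static void secbuf_scramble(secbuf *b, const unsigned char *mask, size_t mlen) {
    for (size_t i = 0; mlen && i < b->len; i++) b->p[i] ^= mask[i % mlen];
}

/* Wipe the whole mapping before unlocking and unmapping it. */
static void secbuf_free(secbuf *b) {
    if (!b->p) return;
    secure_zero(b->p, b->maplen);
    if (b->locked) munlock(b->p, b->maplen);
    munmap(b->p, b->maplen);
    b->p = NULL; b->len = b->maplen = 0; b->locked = 0;
}

int main(void) {
    static const unsigned char mask[4] = {0x5a, 0x13, 0xc7, 0x88}; /* constructed */
    static const char key[32] = "constructed-demo-key-0123456789"; /* constructed */
    secbuf b;
    if (secbuf_alloc(&b, sizeof key) != 0) return 1;
    memcpy(b.p, key, sizeof key);
    secbuf_scramble(&b, mask, sizeof mask); /* idle: key not held in clear */
    secbuf_scramble(&b, mask, sizeof mask); /* in use: key restored */
    int ok = memcmp(b.p, key, sizeof key) == 0;
    secbuf_free(&b);
    return ok ? 0 : 1;
}
```

The `locked` field is left for the caller to check, since an unprivileged process can hit its `RLIMIT_MEMLOCK` limit and a strict caller may prefer to abort rather than hold a swappable key.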