[cryptography] Best practices for paranoid secret buffers

brno spartak at autistici.org
Wed May 7 10:37:09 EDT 2014


On 07/05/2014 16:27, Swair Mehta wrote:
> Mprotect() to keep stray pointers out. 
> Obfuscate data kept in that memory.
> 
> You can do a lot in software and in practice that might be enough. In
> theory, true security can only be achieved through hardware-based
> security modules - at least that's what I feel, others might disagree.
> 
> Paranoid buffers do have some overhead involved but if that overhead is
> going to delay obtaining secrets from a memory dump, I'd say it's worth it.
> 

hello,

does something like softHSM or ssh-agent help?

-br
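
The mprotect() suggestion from the quoted message, as an added example that is not part of the original thread: a secret page between two guard pages that stays PROT_NONE except while it is in use. The `secret_*` names are hypothetical, and the mlock() and MADV_DONTDUMP calls are additions that assume a Linux/POSIX system.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper type for this example: guard page | data page | guard page. */
typedef struct { unsigned char *base, *data; size_t page; } secret_buf;
/* Open (read/write) or close (PROT_NONE) the data page. */
int secret_access(secret_buf *s, int open) {
    return mprotect(s->data, s->page, open ? PROT_READ | PROT_WRITE : PROT_NONE);
}

int secret_alloc(secret_buf *s) {
    s->page = (size_t)sysconf(_SC_PAGESIZE);
    s->base = mmap(NULL, 3 * s->page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->base == MAP_FAILED) return -1;
    s->data = s->base + s->page;     /* both neighbours stay PROT_NONE forever */
    if (secret_access(s, 1) != 0) { munmap(s->base, 3 * s->page); return -1; }
    (void)mlock(s->data, s->page);   /* best effort: may hit RLIMIT_MEMLOCK */
#ifdef MADV_DONTDUMP
    (void)madvise(s->data, s->page, MADV_DONTDUMP);  /* Linux: omit from core dumps */
#endif
    return secret_access(s, 0);      /* closed until explicitly opened */
}
/* Wipe through a volatile pointer so the stores are not optimised away, then unmap. */
int secret_free(secret_buf *s) {
    if (secret_access(s, 1) != 0) return -1;
    volatile unsigned char *p = s->data;
    for (size_t i = 0; i < s->page; i++) p[i] = 0;
    return munmap(s->base, 3 * s->page);
}
/* Returns 1 if a stray read of the data page kills a forked child with a signal. */
int secret_read_faults(const secret_buf *s) {
    int st = 0;
    pid_t pid = fork();
    if (pid == 0) { (void)*(volatile unsigned char *)s->data; _exit(0); }
    if (pid < 0 || waitpid(pid, &st, 0) != pid) return -1;
    return WIFSIGNALED(st) ? 1 : 0;
}

int main(void) {
    secret_buf s;
    if (secret_alloc(&s) != 0) return 1;
    printf("closed: stray read faults = %d\n", secret_read_faults(&s));
    secret_access(&s, 1);
    s.data[0] = 0x42;                /* constructed sample secret byte */
    printf("open:   stray read faults = %d\n", secret_read_faults(&s));
    return secret_free(&s) == 0 ? 0 : 1;
}
```

The page protection only stops accidental access from inside the process; while the page is open, or to anyone who can read the process's memory with sufficient privilege, the secret is still there in the clear.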


