[cryptography] Best practices for paranoid secret buffers

Dave Horsfall dave at horsfall.org
Wed May 7 16:38:59 EDT 2014


On Wed, 7 May 2014, Kevin wrote:

[...]

> Should finalizers be explicit or implicit? (or should an implicit 
> finalizer try to make sure buffers are finalized if you don't do it 
> yourself?)

Probably time to mention this classic:

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

In brief, can you trust your compiler?  I'm told that one version actually 
escaped from BBN, but thankfully it ran on hardware (a P40, I think) that 
exists only in museums.

-- Dave

