Zeroing sensitive memory chunks [Was: Security Flaw in Popular
Disk Encryption Technologies]
rea-fbsd at codelabs.ru
Tue Feb 26 19:49:41 UTC 2008
Gregory, good day.
Tue, Feb 26, 2008 at 07:42:17PM +0100, gregoryd.freebsd at free.fr wrote:
> Quoting Eygene Ryabinkin <rea-fbsd at codelabs.ru>:
> > *) New function OPENSSL_cleanse(), which is used to cleanse a section of
> > memory from it's contents. This is done with a counter that will
> > place alternating values in each byte. This can be used to solve
> > two issues: 1) the removal of calls to memset() by highly optimizing
> > compilers, and 2) cleansing with other values than 0, since those can
> > be read through on certain media, for example a swap space on disk.
> > [Geoff Thorpe]
> > The '1)' is what I was talking about. '2)' is not very clear to
> > me now, I should research what Geoff meant. If anyone has an idea,
> > please comment.
> I thought it might mean that on certain media, such as disks, data
> can be read even after it has been overwriten a certain number of
> times (magnetic properties of the media, this is a method used by
> some police labs to recover lost data, I've been told, but maybe
> the man was just a paranoid). So even "cleansing" a crypted swap
> space this way would not render it safe (you would have to repeat
> it enough times so that the layers are definitively overwritten)
Yes, Geoff just responded to my private question: it was Peter
Gutmann, who pointed him to the thing you're talking about. There
is a paper by Peter,
I still don't understand how cleaning of a memory area will help
to clean the swapped page, but may be there are some systems which
will update the swapped page on the memory access. May be this
even called 'read-through' -- I really don't know.
Perhaps this will help for the memory-mapped files, but may be not:
the system's write cache can collapse many successive overwrites
to just one. The mmap'ped files are using the write cache, aren't
Thanks for the comment!
More information about the freebsd-hackers