
Subject: Re: [boost] [Boost-users] [xint] Boost.XInt formal review
From: Scott McMurray (me22.ca+boost_at_[hidden])
Date: 2011-03-02 20:31:07


On Wed, Mar 2, 2011 at 06:16, Christopher Jefferson
<chris_at_[hidden]> wrote:
>
> The 'secure' flag at the moment I believe cannot be trusted to work. Compilers can, and do, optimise out memset if it can prove the memory will not be changed again.
>
> [...]
>
> The short answer is:
>
> [...]
>

I'm not convinced that either of those answers is correct, since
neither prevents the OS from swapping the memory to disk while it
contains secret data.

To me, it seems that Boost isn't the place for anything that claims to
be "secure", since the community is insufficiently skilled in
interpretive dance: see
<http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html>,
or specifically
<http://2.bp.blogspot.com/_Zfbv3mHcYrc/Sre5JqBKZyI/AAAAAAAABn8/Op-n-e0JVaA/s1600-h/aes_act_3_scene_02_agreement_1100.png>
:)

~ Scott
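
The two concerns raised in this thread (a `memset` the compiler may drop, and secret pages reaching swap) can be handled together on a POSIX system. The sketch below is an added example, not code from the message or from Boost.XInt; `secret_buf` and its functions are hypothetical names, and `mlock` is assumed to be available.

```c
#include <stddef.h>
#include <stdlib.h>
#include <sys/mman.h>   /* mlock, munlock (POSIX) */
#include <unistd.h>     /* sysconf */

/* Hypothetical type for this example; not part of Boost.XInt. */
typedef struct {
    unsigned char *data;
    size_t len;      /* bytes allocated (whole pages) */
    int locked;      /* 1 if mlock() succeeded */
} secret_buf;

/* Zero through a volatile pointer. Each store is an observable side effect,
 * so the compiler cannot discard the loop as a dead store the way it may
 * discard a plain memset() on memory that is never read again. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Allocate whole pages and ask the kernel to keep them out of swap.
 * Returns 0 on success, -1 on allocation failure. mlock() can fail
 * (e.g. RLIMIT_MEMLOCK); the outcome is recorded in ->locked. */
int secret_alloc(secret_buf *b, size_t want) {
    long ps = sysconf(_SC_PAGESIZE);
    size_t page = ps > 0 ? (size_t)ps : 4096;
    size_t len = (want + page - 1) / page * page;
    if (len == 0) len = page;
    b->data = aligned_alloc(page, len);
    if (!b->data) return -1;
    b->len = len;
    b->locked = (mlock(b->data, len) == 0);
    return 0;
}

/* Wipe the secret in place; the buffer stays usable. */
void secret_wipe(secret_buf *b) {
    if (b->data) wipe(b->data, b->len);
}

/* Wipe first, then unlock and release. */
void secret_free(secret_buf *b) {
    if (!b->data) return;
    wipe(b->data, b->len);
    if (b->locked) munlock(b->data, b->len);
    free(b->data);
    b->data = NULL;
    b->len = 0;
    b->locked = 0;
}
```

A caller that needs the swap guarantee should check `locked` after `secret_alloc` and refuse to store the secret when it is 0.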


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk