Subject: Re: [boost] [Boost-users] [xint] Boost.XInt formal review
From: Marsh Ray (marsh_at_[hidden])
Date: 2011-03-03 00:50:16
On 03/02/2011 07:31 PM, Scott McMurray wrote:
>
> I'm not convinced that either of those answers are correct, since
> neither prevents the OS from swapping the memory to disk while it
> contains secret data.
(Or your cloud provider from migrating your whole OS image across a
network.)
> To me, it seems that Boost isn't the place for anything that claims to
> be "secure", since the community is insufficiently skilled in
> interpretive dance: see
> <http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html>,
> or specifically
> <http://2.bp.blogspot.com/_Zfbv3mHcYrc/Sre5JqBKZyI/AAAAAAAABn8/Op-n-e0JVaA/s1600-h/aes_act_3_scene_02_agreement_1100.png>
> :)
+1
There are some not-entirely-unheard-of operating systems that emit
detectable patterns from /dev/random. Libraries like OpenSSL dedicate
large amounts of code to secure random generation for this sort of
reason. But they're still vulnerable to a Debian maintainer changing
something he doesn't understand.
The RSA example is a great way to demonstrate bigint libraries - and a
terrible thing to actually use it for.
I suggest any wording suggesting "cryptographically secure" be avoided.
Even dedicated purpose cryptographic libraries written and maintained by
experts are still weeding out the tiny bugs and timing and cache
side-channel attacks years later.
- Marsh
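The swapping point raised above is the part of "secure memory" a bigint library could actually address. The following is an added illustration, not code from the thread or from Boost.XInt: a small C++ holder for secret bytes that asks the kernel to pin the pages (POSIX `mlock`, assumed available on the target) and wipes them with volatile stores that the optimizer may not elide. It does nothing about hibernation images or a hypervisor migrating the whole guest, which is why a library should not call itself "cryptographically secure" on the strength of it.

```cpp
#include <cstddef>
#include <cstring>
#include <sys/mman.h>   // mlock/munlock: POSIX, assumed present (Linux/BSD)

// RAII holder for key material. The pages are locked so the OS does not
// write them to swap, and the bytes are zeroed before the memory is freed.
class secret_buffer {
public:
    explicit secret_buffer(std::size_t n)
        : size_(n), data_(new unsigned char[n]()) {
        // mlock can fail (e.g. RLIMIT_MEMLOCK); callers should check locked().
        locked_ = (mlock(data_, size_) == 0);
    }
    ~secret_buffer() {
        wipe();
        if (locked_) munlock(data_, size_);
        delete[] data_;
    }
    // No copies: a copy would silently create a second, unlocked secret.
    secret_buffer(const secret_buffer&) = delete;
    secret_buffer& operator=(const secret_buffer&) = delete;

    unsigned char* data() { return data_; }
    std::size_t size() const { return size_; }
    bool locked() const { return locked_; }

    // A plain memset before delete[] is dead-store-eliminable; volatile
    // stores are not, so every byte really is overwritten.
    void wipe() {
        volatile unsigned char* p = data_;
        for (std::size_t i = 0; i < size_; ++i) p[i] = 0;
    }
private:
    std::size_t size_;
    unsigned char* data_;
    bool locked_;
};

// Demonstration with a constructed 64-byte "key": fill, wipe, then confirm
// that no byte of the original pattern survives in the buffer.
bool wipe_leaves_no_residue() {
    secret_buffer buf(64);
    std::memset(buf.data(), 0xA5, buf.size());   // constructed key material
    buf.wipe();
    for (std::size_t i = 0; i < buf.size(); ++i)
        if (buf.data()[i] != 0) return false;
    return true;
}
```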
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk