
Subject: Re: [boost] [Boost-users] [xint] Boost.XInt formal review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2011-03-03 10:14:42


On Wed, 2 Mar 2011 17:31:07 -0800
Scott McMurray <me22.ca+boost_at_[hidden]> wrote:

> On Wed, Mar 2, 2011 at 06:16, Christopher Jefferson
> <chris_at_[hidden]> wrote:
>
>> The 'secure' flag at the moment I believe cannot be trusted to work.
>> Compilers can, and do, optimise out memset if it can prove the
>> memory will not be changed again. [...]
>
> I'm not convinced that either of those answers are correct, since
> neither prevents the OS from swapping the memory to disk while it
> contains secret data.

A known and documented problem:
<http://www.oakcircle.com/xint_docs/structboost_1_1xint_1_1options_1_1secure.html>

> To me, it seems that Boost isn't the place for anything that claims to
> be "secure", since the community is insufficiently skilled in
> interpretive dance: see
> <http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html>,
> or specifically
> <http://2.bp.blogspot.com/_Zfbv3mHcYrc/Sre5JqBKZyI/AAAAAAAABn8/Op-n-e0JVaA/s1600-h/aes_act_3_scene_02_agreement_1100.png>
> :)

Perhaps an alternate name for that option, then. One that wouldn't be
too much longer or too many words, but also wouldn't be misinterpreted
as providing true security... perhaps more_secure? It requires a little
less typing, and is less frightening, than less_insecure. ;-)

-- 
Chad Nelson
Oak Circle Software, Inc.
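The memset concern raised earlier in the thread, shown as an added example (this is not code from XInt or from any participant in the thread): a plain memset() on a buffer that is never read again is a dead store the optimizer may delete, so the conventional defence is to route the write through something the compiler cannot see through, here a volatile function pointer to memset and, as a second variant, byte stores through a volatile-qualified pointer. The function names secure_memzero, secure_memzero_volatile, is_all_zero and wipe_demo are assumptions of this example, and the 0xA5 "secret" fill is constructed test data.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not XInt's code. memset() reached through a
   const volatile function pointer: the compiler must emit the call,
   because it cannot prove which function the pointer designates and
   therefore cannot treat the store as dead. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n)
{
    memset_ptr(p, 0, n);
}

/* Variant: every store goes through a volatile-qualified pointer, which
   the C standard forbids the compiler from eliding. Slower, but needs
   no function-pointer trick. */
void secure_memzero_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of p[0..n) is zero, else 0. Accumulates with OR
   rather than early-returning, so the check itself is data-independent. */
int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= b[i];
    }
    return acc == 0;
}

/* Fill a buffer with constructed secret material, wipe it with the given
   wiper, and report whether the wipe actually took effect. */
int wipe_demo(void (*wiper)(void *, size_t))
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);           /* constructed "secret" bytes */
    if (is_all_zero(key, sizeof key)) {
        return 0;                            /* fill failed; nothing to test */
    }
    wiper(key, sizeof key);
    return is_all_zero(key, sizeof key);
}
```

Both wipers clear the buffer in-process; neither addresses the swapping point made above, which needs the pages pinned (mlock() on POSIX systems) before the secret is written into them, and which the linked XInt documentation already lists as a limitation of the option.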

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk