From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2024-07-09 12:57:25


On Tue, Jul 9, 2024 at 5:28 AM Ruben Perez via Boost <boost_at_[hidden]>
wrote:

> * Have you faced this issue before?
> * Do you think this is something we (as Boost authors) should care
> about, or am I thinking too much?
> * Do you think a library implementing secure string/array/buffer
> classes would be a valuable addition to Boost?
>

Such a library would be quite useful, but when I was working at Ripple our
investigation concluded that it would be difficult to impossible to
implement it portably in a way that could make security guarantees. I would
suggest that you do not bother, as you will face many incredibly annoying
obstacles at every step of the way which conspire to make your
implementation fail in common cases.

P1315 is still making its way through WG21 I believe. Note that this
proposal was adopted for C:

https://open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1315r3.html

In my opinion a secure erase function which works most of the time but not
all of the time is worse than not having it at all, as it may imply false
claims about security. That said, I have asked an expert again for more
details, which you can follow here:

https://x.com/FalcoVinnie/status/1810654344607633515

Of course, I could be wrong and it is possible that newer operating systems
offer robust facilities for ensuring that secrets are not leaked. This
would require platform-specific implementation. If there is sufficient
support for the popular platforms, it is worth exploring making it into a
Boost library.

Thanks
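
The primitive the thread is about, as an added example that is not part of
Vinnie's message, Boost, or the P1315 text: a secure erase that the
optimizer is not permitted to drop, beside the plain memset that is the
"works most of the time" version, and a fixed-capacity RAII holder for a
short-lived secret. The asm barrier assumes GCC or Clang; the secret bytes
and the helper names (secure_erase, secret_buffer, all_zero) are constructed
for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Zero n bytes at p through a volatile pointer, so each store is observable
// behaviour the compiler must keep; the empty asm with a "memory" clobber
// additionally stops GCC/Clang from concluding that the zeroed object is
// dead. This is the explicit_bzero-style approach. It does NOT deal with
// copies left in registers, stack spills, swap, core dumps, or the old
// block that std::string leaves behind when it reallocates, which is where
// the "fails in common cases" obstacles come from.
inline void secure_erase(void* p, std::size_t n) noexcept {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) vp[i] = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

// The "most of the time" version: a memset on an object that is about to
// die is a dead store, and -O2 routinely removes it (dead store
// elimination). Nothing in the language forbids that.
inline void naive_erase(void* p, std::size_t n) noexcept {
    std::memset(p, 0, n);
}

// RAII owner for key material or a password buffer. Fixed capacity, so no
// reallocation ever leaves a stale copy of the secret in freed memory, and
// no copy constructor, so the secret is not silently duplicated.
template <std::size_t N>
class secret_buffer {
public:
    secret_buffer() noexcept : len_(0) { std::memset(data_, 0, N); }
    ~secret_buffer() { secure_erase(data_, N); }
    secret_buffer(const secret_buffer&) = delete;
    secret_buffer& operator=(const secret_buffer&) = delete;

    // Refuses oversize input instead of growing; wipes the old contents first.
    bool assign(const unsigned char* src, std::size_t n) noexcept {
        if (n > N) return false;
        secure_erase(data_, N);
        std::memcpy(data_, src, n);
        len_ = n;
        return true;
    }
    const unsigned char* data() const noexcept { return data_; }
    std::size_t size() const noexcept { return len_; }

private:
    unsigned char data_[N];
    std::size_t len_;
};

// True if every byte in [p, p+n) is zero; constant-time OR accumulation.
inline bool all_zero(const unsigned char* p, std::size_t n) noexcept {
    unsigned char acc = 0;
    for (std::size_t i = 0; i < n; ++i) acc |= p[i];
    return acc == 0;
}

// Fill a buffer with a constructed sample secret, erase it, and report
// whether the erase took effect while the caller can still observe it.
inline bool erase_is_observable_after_call() {
    unsigned char buf[32];
    std::memset(buf, 0xA5, sizeof buf);   // constructed sample secret
    secure_erase(buf, sizeof buf);
    return all_zero(buf, sizeof buf);
}

// secret_buffer: in-capacity assign succeeds, oversize assign is refused
// and leaves the existing contents untouched.
inline bool secret_buffer_behaves() {
    secret_buffer<16> sb;
    const unsigned char key[16] = {'k','e','y','-','m','a','t','e',
                                   'r','i','a','l','-','0','0','1'};
    bool ok = sb.assign(key, sizeof key) && sb.size() == 16 && sb.data()[0] == 'k';
    unsigned char too_big[17] = {0};
    ok = ok && !sb.assign(too_big, sizeof too_big) && sb.size() == 16;
    return ok;
}

int main() {
    return (erase_is_observable_after_call() && secret_buffer_behaves()) ? 0 : 1;
}
```

Note what the check above can and cannot show: because the buffer is read
back after the erase, the store is live and even naive_erase would pass.
The failure the message describes is exactly the unobserved case, a
secret wiped just before its storage dies, which no in-process test can
detect; that is why the volatile stores and the barrier are needed, and
why a guarantee about the other copies (registers, spills, swap, dumps)
needs platform support rather than a portable library.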
