
From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2024-07-09 14:24:19


On 7/9/24 15:57, Vinnie Falco via Boost wrote:
>
> In my opinion a secure erase function which works most of the time but not
> all of the time is worse than not having it at all, as it may imply false
> claims about security.

As far as secure erase functions go, there's no variance about whether
it works or not. It either works as specified in the contract or it has
a bug. And it's fairly easy to make it work as intended anyway.

The question is rather whether the secure erase is enough to consider your data
safe from leaks. It definitely is not. But not allowing it to leak into
heap and remain there for extended periods of time is a necessary step
towards better security. Even having just that protection alone is
better than not having anything at all.
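
Added example, not part of the original message and not code from any Boost library: one way to state and meet the erase contract discussed above, so that the zeroing stores survive optimization even when the buffer is never read again. The names `secure_erase`, `secret_buffer`, `all_zero` and `erased_after_destruction` are hypothetical, and the key material is a constructed sample.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Contract: on return every byte in [p, p + n) is zero, and the stores are
// not dropped as dead stores (a plain memset before free/scope exit can be).
inline void secure_erase(void* p, std::size_t n) noexcept {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) vp[i] = 0;  // volatile stores must be emitted
#if defined(__GNUC__) || defined(__clang__)
    // Compiler barrier: treat memory reachable through p as observed.
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

// Holder for secret bytes that erases its storage when destroyed.
// Non-copyable so the secret is not silently duplicated elsewhere.
template <std::size_t N>
class secret_buffer {
public:
    secret_buffer() noexcept { std::memset(data_, 0, N); }
    ~secret_buffer() { secure_erase(data_, N); }
    secret_buffer(const secret_buffer&) = delete;
    secret_buffer& operator=(const secret_buffer&) = delete;
    unsigned char* data() noexcept { return data_; }
private:
    unsigned char data_[N];
};

inline bool all_zero(const unsigned char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (p[i] != 0) return false;
    return true;
}

// Builds a secret_buffer in caller-visible storage, destroys it, and checks
// that nothing of the (constructed) secret remains in that storage.
bool erased_after_destruction() {
    alignas(secret_buffer<32>) static unsigned char storage[sizeof(secret_buffer<32>)];
    secret_buffer<32>* s = new (storage) secret_buffer<32>();
    std::memcpy(s->data(), "constructed-sample-key-material!", 32);
    s->~secret_buffer();
    return all_zero(storage, sizeof storage);
}

int main() { return erased_after_destruction() ? 0 : 1; }
```

This covers only the buffer itself; copies the program made elsewhere (registers, temporaries, swapped pages) are outside the contract, which is the "necessary step, not sufficient" point made in the message.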

