From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2024-07-09 20:18:28
On 7/9/24 23:14, Rainer Deyke via Boost wrote:
> On 09.07.24 16:37, Andrey Semashev via Boost wrote:
>> On 7/9/24 17:29, Rainer Deyke via Boost wrote:
>>> Passwords travel along a long chain from user input to system calls. The
>>> entire chain needs to be secure or none of it is.
>>
>> Why does it have to be an "all or none" choice?
>>
>> Security is always about making life *hard enough* for the attacker so
>> that the attack is not worthwhile. It is never about making the
>> protection impenetrable, as there is simply no such thing.
>
> Security is about identifying weaknesses and reinforcing them, not about
> spraying obstacles around at random. No point in putting an extra
> strong lock on your front door while the back door is wide open and the
> east wall is missing.
>
> So: is there any real attack in the wild that can be prevented by using
> a secure string class?
A random core dump of the application is unlikely to leak the data.
A random memory access bug is unlikely to leak the data.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk
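An added example, not code from this thread or from any Boost library, of what a secure string class actually buys against the two leaks Andrey names: a zeroing allocator so heap buffers are overwritten on reallocation and destruction, a wrapper that also wipes the in-object short-string (SSO) bytes the allocator never sees, and, on Linux, a page excluded from core dumps with madvise(MADV_DONTDUMP) and pinned with mlock. The names secure_wipe, zeroing_allocator, secure_string and nodump_page are assumptions made here for illustration.

```cpp
// Added example, not Boost code. Minimal "secure string" pieces:
// volatile wipe, zeroing allocator, SSO-aware wrapper, no-dump page.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <memory>
#include <new>
#include <string>
#include <sys/mman.h>   // mmap, madvise, mlock (POSIX; MADV_DONTDUMP is Linux)
#include <unistd.h>

// Zero through a volatile pointer so the compiler cannot drop the stores
// as dead writes (a plain memset right before free() is routinely elided).
void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

bool all_zero(const unsigned char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (p[i] != 0) return false;
    return true;
}

// Allocator that wipes every block before handing it back to the heap, so
// the old buffer abandoned by a reallocation (push_back past capacity) or by
// destruction holds no copy of the secret for a core dump to pick up.
template <class T>
struct zeroing_allocator {
    using value_type = T;
    zeroing_allocator() = default;
    template <class U> zeroing_allocator(const zeroing_allocator<U>&) {}
    T* allocate(std::size_t n) { return static_cast<T*>(::operator new(n * sizeof(T))); }
    void deallocate(T* p, std::size_t n) { secure_wipe(p, n * sizeof(T)); ::operator delete(p); }
    template <class U> bool operator==(const zeroing_allocator<U>&) const { return true; }
    template <class U> bool operator!=(const zeroing_allocator<U>&) const { return false; }
};

using wiped_string = std::basic_string<char, std::char_traits<char>, zeroing_allocator<char>>;

// Caveat the allocator alone misses: with SSO, a short password never touches
// the allocator; it lives inside the string object. The wrapper therefore
// wipes the whole capacity in place before the string is destroyed.
class secure_string {
public:
    secure_string() = default;
    explicit secure_string(const char* s) : s_(s) {}
    secure_string(const secure_string&) = delete;            // no silent copies
    secure_string& operator=(const secure_string&) = delete;
    secure_string(secure_string&&) = default;                // moved-from object still gets wiped
    secure_string& operator=(secure_string&&) = default;
    ~secure_string() { wipe(); }

    // Returns the number of bytes overwritten (the full capacity, not just size()).
    std::size_t wipe() {
        std::size_t cap = s_.capacity();
        s_.resize(cap);                 // stays within capacity; if it did reallocate, the
        secure_wipe(&s_[0], s_.size()); // old block is wiped by the allocator anyway
        s_.clear();
        return cap;
    }
    const char* c_str() const { return s_.c_str(); }
    std::size_t size() const { return s_.size(); }
    void append(char c) { s_.push_back(c); }   // growth beyond SSO goes through the allocator
private:
    wiped_string s_;
};

// One page that a core dump skips (MADV_DONTDUMP) and, where RLIMIT_MEMLOCK
// allows, that never goes to swap (mlock). Both flags are reported, not
// assumed: mlock commonly fails in containers and that must not be fatal.
class nodump_page {
public:
    nodump_page() : len_(static_cast<std::size_t>(sysconf(_SC_PAGESIZE))) {
        void* p = mmap(nullptr, len_, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        buf_ = (p == MAP_FAILED) ? nullptr : static_cast<char*>(p);
        if (!buf_) return;
#ifdef MADV_DONTDUMP
        nodump_ = madvise(buf_, len_, MADV_DONTDUMP) == 0;
#endif
        locked_ = mlock(buf_, len_) == 0;
    }
    ~nodump_page() { if (buf_) { secure_wipe(buf_, len_); munmap(buf_, len_); } }
    char* data() { return buf_; }
    std::size_t size() const { return len_; }
    bool excluded_from_dumps() const { return nodump_; }
    bool locked() const { return locked_; }
private:
    char* buf_ = nullptr; std::size_t len_ = 0; bool nodump_ = false, locked_ = false;
};

int main() {
    secure_string pw("hunter2");               // constructed sample secret
    std::size_t wiped = pw.wipe();
    nodump_page page;
    std::printf("wiped %zu bytes; page nodump=%d locked=%d\n",
                wiped, page.excluded_from_dumps(), page.locked());
    return 0;
}
```

What this does not cover is the rest of the chain Rainer mentions: the terminal driver, iostream or GUI toolkit buffers, and the kernel all keep their own copies of the password before it ever reaches this class, and a reallocating std::string elsewhere in the program leaves unwiped copies the moment the secret is copied out. The class reduces the number of places a dump or a stray read can find the secret; it does not make the count zero.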