@@ -130,3 +130,36 @@
Generating randomness for cryptographic keys in long-term use
may need different steps and is best left to cryptographic
libraries.
+
+ == Removing Sensitive information from memory
+
+ Sensitive data such as password, cryptographic keys etc, should be removed
+ from memory as soon as possible, once this information is no longer required.
+
+ However compiler optimizations make this erasure operation difficult, since the
+ compiler deems this code as unnecessary and often removes it from the compiled
+ binary. For example a call to memset or a loop which zero's out each byte of
+ an array may be optimized out during compilation.
+
+ This problem can be addressed by using `explicit_bzero()`. Calls to this
+ function are never optimized by the compiler.
+
+ However, as per the `explicit_bzero()` documentation there are some
+ things to consider:
+
+ * The `explicit_bzero()` function does not guarantee that sensitive data is
+ completely erased from memory. For example, there may be copies of the
+ sensitive data in a register and in "scratch" stack areas. The
+ `explicit_bzero()` function is not aware of these copies, and can't erase them.
+
+ * In some circumstances, `explicit_bzero()` can decrease security. If the
+ compiler determined that the variable containing the sensitive data could
+ be optimized to be stored in a register (because it is small enough to fit
+ in a register, and no operation other than the `explicit_bzero()` call
+ would need to take the address of the variable), then the `explicit_bzero()`
+ call will force the data to be copied from the register to a location in
+ RAM that is then immediately erased (while the copy in the register remains
+ unaffected). The problem here is that data in RAM is more likely to be
+ exposed by a bug than data in a register, and thus the `explicit_bzero()`
+ call creates a brief time window where the sensitive data is more vulnerable
+ than it would otherwise have been if no attempt had been made to erase the data.
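Review bot: the claim that calls to `explicit_bzero()` "are never optimized by the compiler" is stronger than the documentation supports and leaves out portability, which matters for a guide like this: `explicit_bzero()` is a glibc (2.25 and later) and BSD extension, not ISO C, so code that must build against other C libraries needs `memset_s()` (C11 Annex K) or `memset_explicit()` (C23) instead. Suggest rewording to "the compiler will not remove these calls as dead stores" and adding one sentence naming the portable alternatives. Minor wording fixes in the same hunk: "zero's out" should be "zeros out", "password, cryptographic keys etc," should be "passwords, cryptographic keys, etc.,", "However compiler optimizations" needs a comma after "However", and the heading "Removing Sensitive information" should capitalize consistently.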
Signed-off-by: Huzaifa Sidhpurwala huzaifas@redhat.com