www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: [PATCH] wincng: Added explicit memory overwrite feature to WinCNG backend

Re: [PATCH] wincng: Added explicit memory overwrite feature to WinCNG backend

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Sun, 18 May 2014 19:12:26 +0200

Am 18.05.2014 19:02, schrieb Daniel Stenberg:
> This option only disables the random fill of the free data, it still
> overwrites memory - only with zeros instead. So it doesn't disable
> memory overwrite at all.

You are right, originally the patch included the following hunk:

+#ifdef LIBSSH2_MEMORY_OVERWRITE
+ if (len > 0)
+ _libssh2_wincng_random(buf, len);
+#endif

instead of

+#ifdef LIBSSH2_MEMORY_OVERWRITE
+ if (len > 0)
+ _libssh2_wincng_random(buf, len);
+#else
+ if (len > 0)
+ memset(buf, 0, len);
+#endif

I changed this during the latest rebase to always at least overwrite the
data with zeros.

> A question though: is there really anyone who suggests that it is
> safer to fill the data with random data rather than just zeros? I just
> can't see the point with doing such a slow operation and waste random
> seed on this.

I don't have specific expertise in this area, but I think a reason could
be that a compiler might be tempted to optimize memset(buf, 0, len) out.

Looking at the memory erasure procedure of the Tails operating system
[1], it seems like overwriting with zeros is enough:

> Actual memory erasure process
>
> The software that performs the actual memory erasure is sdmem, which
> is part of the secure-delete package. sdmem is called using the -v
> (verbose mode) option to give feedback to the user, as well as the
> -llf options: memory is only overwritten once with zeros; this is the
> fastest available mode, and is enough to protect against every memory
> forensics attack we know of.

 [1] https://tails.boum.org/contribute/design/memory_erasure/
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2014-05-18

the libssh2 team