zero-ing is not enough
matovitch via Digitalmars-d
digitalmars-d at puremagic.com
Tue Sep 9 06:05:33 PDT 2014
On Tuesday, 9 September 2014 at 07:09:52 UTC, bearophile wrote:
> John Colvin:
>
>> http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html
>>
>> D could incorporate something like this, no?
>
> See:
> https://d.puremagic.com/issues/show_bug.cgi?id=10661
>
> Walter seems OK with adding something like that to the D
> intrinsics.
>
> Bye,
> bearophile
I am by no mean a security expert and this article scared me *a
lot*. Are there any truly secure TLS implementation ?
There may be room for an @crypto attribute where the stack, the
registers or the dynamically allocated memory would be zeroed out
in the end ? But as stated in the comments, it's probably more of
an OS job since a program may always crash.
More information about the Digitalmars-d
mailing list