zero-ing is not enough

Kagamin via Digitalmars-d digitalmars-d at puremagic.com
Tue Sep 9 07:26:09 PDT 2014


On Tuesday, 9 September 2014 at 13:05:34 UTC, matovitch wrote:
> I am by no means a security expert and this article scared me *a 
> lot*. Are there any truly secure TLS implementations?
>
> There may be room for an @crypto attribute where the stack, the 
> registers or the dynamically allocated memory would be zeroed 
> out in the end? But as stated in the comments, it's probably 
> more of an OS job since a program may always crash.

I'd say, it's easier to steal the entire key sitting in your heap 
(as Heartbleed did) than gather obscure traces from registers.