[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7419 [Tor]: Choose a faster memwipe implementation

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7419 [Tor]: Choose a faster memwipe implementation
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 25 Mar 2013 11:13:56 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 25 Mar 2013 07:14:04 -0400
In-reply-to: <045.cc4327c595b29b59baa71caf4ff3f1c2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.cc4327c595b29b59baa71caf4ff3f1c2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7419: Choose a faster memwipe implementation
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:                  
     Type:  enhancement  |         Status:  new             
 Priority:  normal       |      Milestone:  Tor: unspecified
Component:  Tor          |        Version:                  
 Keywords:  tor-relay    |         Parent:                  
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------

Comment(by mo):

 hoppy on #nottor:

 so a while ago it was pointed out to me that I should not count on memset
 to zero sensitive memory because it could be optimized out, and was
 pointed to a Tor ticket (by NickM) that discussed this same thing in Tor
 and the solution suggested in that ticket was to use openssl cleanse
 instead
 but the ticket also pointed out that this was a heavy handed solution and
 there should be something better thought up and today I told this to
 somebody else who is developing a security program , to make sure to not
 use memset like I was in case they were, and to use openssl cleanse
 instead, and they said that a better solution is to use the word volatile
 in the cast because then the compiler doesn't optimize it out
 http://www.lix.polytechnique.fr/~liberti/public/computing/prog/c/C/SYNTAX/volatile.html
 so maybe that is better for Tor too , I dunno, just passing it on

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7419#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #8507 [Ooni]: Add support for both PyGeoIP and (CPython) GeoIP
Next by Author: [tor-bugs] #8586 [Trac]: Add ability to watch wiki pages
Previous by thread: Re: [tor-bugs] #8585 [Torsocks]: Figure out why weechat+ssl don't play nice with torsocks
Next by thread: [tor-bugs] #8586 [Trac]: Add ability to watch wiki pages
Index(es):
- Author
- Thread