Quoting Eygene Ryabinkin <[EMAIL PROTECTED]>: > *) New function OPENSSL_cleanse(), which is used to cleanse a section of > memory from it's contents. This is done with a counter that will > place alternating values in each byte. This can be used to solve > two issues: 1) the removal of calls to memset() by highly optimizing > compilers, and 2) cleansing with other values than 0, since those can > be read through on certain media, for example a swap space on disk. > [Geoff Thorpe] > > The '1)' is what I was talking about. '2)' is not very clear to > me now, I should research what Geoff meant. If anyone has an idea, > please comment.
I thought it might mean that on certain media, such as disks, data can be read even after it has been overwriten a certain number of times (magnetic properties of the media, this is a method used by some police labs to recover lost data, I've been told, but maybe the man was just a paranoid). So even "cleansing" a crypted swap space this way would not render it safe (you would have to repeat it enough times so that the layers are definitively overwritten) Now I am no physics/chemics specialist, and this might not be the meaning of Geoff Thorpe: anyway you asked for an idea :-) And I would also like to know the end of it... gregory _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
