I am concerned about the performance impact of the use of 'volatile'
memory access because it means that all access to the memory region
must be performed without use of memory caches.



> You are worried about a performance impact of clearing a small password buffer?  I 
> would think the idea of changing memset() to a more secure function is an excellent 
> idea and well worth a couple of days of delay.  Heck, I have been waiting for 
>release 
> 0.9.7 for a couple of years!
> 
> Ken
> 
> > I thought making a memset() look-alike (somewhere in the discussion,
> > "setmem()" was proposed) was enough to prevent it.  No?
> 
> There were three suggestions made that I had seen that appeared to
> work:
> 
>  . change all password buffers to volatile
> 
>  . replace memset() with your own function not called memset
> 
>  . use compiler specific command line options to turn off this
>    optimization
> 
> The problem with the first two is that they do have significant
> performance impacts.
> 
> The problem with the last is that we do not want to need to know the
> command line options for each and every compiler.
> 
> 
>  Jeffrey Altman * Sr.Software Designer     Kermit 95 2.0 GUI available now!!!
>  The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
>  http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and 
>  [EMAIL PROTECTED]               OpenSSL.
> ___________________________________________________________________
> ___
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           
> [EMAIL PROTECTED]
> ___
> Support
> InterSoft International, Inc.
> Voice: 888-823-1541, International 281-398-7060
> Fax: 888-823-1542, International 281-398-0221
> [EMAIL PROTECTED]
> http://www.securenetterm.com
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 


 Jeffrey Altman * Sr.Software Designer     Kermit 95 2.0 GUI available now!!!
 The Kermit Project @ Columbia University  SSH, Secure Telnet, Secure FTP, HTTP
 http://www.kermit-project.org/            Secured with MIT Kerberos, SRP, and 
 [EMAIL PROTECTED]               OpenSSL.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to