Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Jan 2015 11:31:10 +0100
From: Daniel Cegiełka <>
Subject: Re: thoughts on reallocarray, explicit_bzero?

2015-01-29 11:04 GMT+01:00 Szabolcs Nagy <>:
> * Daniel Cegie??ka <> [2015-01-29 10:30:40 +0100]:
>> yet another secure_memzero(). A better solution would be to promote a
>> single standard (eg. memset_s()) and the expectation that the compiler
>> will respect it.
> i think you don't know the semantics of memset_s
> (it uses nonsense types, has superflous arguments, handles
> constraint violations through global state etc)
> it is a complicated mess and not a good api to standardize on
> if all you want is to avoid information leak in crypto code

I gave this as an example - the intention is to have a single standard
(vs secure_memzero(), explicit_bzero(), memzero_explicit(), ...).

btw. libsodium prefers memset_s() over explicit_bzero() and over weak symbols.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.