Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Sep 2015 13:54:38 -0400
From: David Edelsohn <>
To: Zack Weinberg <>
Cc: GCC Development <>, GNU C Library <>,
Subject: Re: Compiler support for erasure of sensitive data

On Wed, Sep 9, 2015 at 12:36 PM, Zack Weinberg <> wrote:

> The ABI dictates basically everything you see.  The call to
> explicit_bzero has forced the compiler to *create* a second copy of
> the variable `k` on the stack, just so it can be erased -- and the
> copy in registers survives (at least for a short time), which is not
> what the programmer wanted.  With or without explicit_bzero, we have
> no way of getting rid of the copy in registers.  More complicated
> scenarios of course exist.

> Comments?  Please note that I do not have anything like the time
> required to implement any of this myself (and I'm ten years out of
> practice on GCC and have no experience whatsoever with Clang,
> anyway).  I'm hoping this catches someone's interest.

What level of erasure of sensitive data are you trying to ensure?
Assuming that overwriting values in the ISA registers actually
completely clears and destroys the values is delusionally naive.

Most modern hardware architectures have hardware capabilities to
encrypt and protect sensitive data.

- David

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.