[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] shred: use explicit_bzero

From: Pádraig Brady
Subject: Re: [PATCH 2/2] shred: use explicit_bzero
Date: Sun, 23 Jul 2017 01:30:22 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

On 20/07/17 14:03, Paul Eggert wrote:
> * NEWS: Document this.
> * bootstrap.conf (gnulib_modules): Add explicit_bzero.
> * gl/lib/randint.c (randint_free):
> * gl/lib/randread.c (randread_free):
> * src/blake2/blake2-impl.h (secure_zero_memory):
> * src/shred.c (dopass, do_wipefd):
> Prefer explicit_bzero to memset when erasing secrets.

> +  shred now erases buffers containing secrets via the explicit_bzero
> +  function, which should be more reliable.
> +  [potential bug has always been present in 'shred']

shred doesn't have any secrets though right?
Ah I see, it used to have secrets since it originally
read the input file to seed the random number generator.
How about the attached to remove this redundant zeroing entirely?

Also I think I'll remove the explicit_bzero() from blake2
as src/blake2 is copied directly from the reference implementation.
So it would be best to change there and have a one way sync.


Attachment: shred-avoid-bzero.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]