[18419] in cryptography@c2.net mail archive
Re: Clearing sensitive in-memory data in perl
daemon@ATHENA.MIT.EDU (Jason Holt)
Mon Sep 12 08:46:57 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 12 Sep 2005 00:08:47 +0000 (UTC)
From: Jason Holt <jason@lunkwill.org>
To: Sidney Markowitz <sidney@sidney.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <4324B0D7.6020807@sidney.com>
On Mon, 12 Sep 2005, Sidney Markowitz wrote:
> Does anyone know of an open source crypto package written in perl that is
> careful to try to clear sensitive data structures before they are released to
> the garbage collector?
[...]
Securely deleting secrets is hard enough in C, much less high level languages.
I've often considered trying to write a C-based module for secret storage, but
it's problematic (although the Taint stuff looks promising) and to my
knowledge has never been done.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
