When is that applicable? I'm not saying it's not an issue, I'm just curious.
When I break in and steal your swap disk (or get it from a container after you have replaced it). As you say, it's futile to try to protect oneself against a real time attack that requires root privs.
To me, the only sane way to handle the non-real time attack is to make sure that pages are encrypted before they are swapped to disk, using temporary keys that are destroyed regularly, preferably directly at process death. It's not entirely trivial to do, but at least somebody (Niels Provos?) implemented it for OpenBSD a few years ago.
It's insane to make application programs responsible for figuring out which of their data need extra protection, and "protect" it. If I'm sending a secret message using pgp, it's not enough that the memory where the keys are stored is protected in various kludgy ways, I also want the emacs buffer where I write my message to be protected.
The issue of memory protection should be addressed by the operating system.
But, *why not* have an OpenSSL glue in Pike?
Sure, I wouldn't object to that, as long as I can continue bashing it ;-)
/ Niels Möller
Previous text:
2003-01-28 13:41: Subject: Re: OpenSSL wrapper vs Pike's SSL (Was: Bz2)
On which systems is an SSL key in the memory an issue?
Wouldn't that require that 1) you have root access to the system, or similar and 2) that you on the same system at the same time can't do much worse things much simpler than trying to scan the memory real time, like for instance replacing the server with a version that simply mails the keys to you, or edits the transmission to your liking?
When is that applicable? I'm not saying it's not an issue, I'm just curious.
But, *why not* have an OpenSSL glue in Pike? If someone wants to use it, why not? I don't think we should tell people what to use. When I want to use something in Pike, I commit a glue for it. Then I bugfix it (remove bashisms and suchlike) and make sure it works nicely. I don't see any problem with anyone doing that with an OpenSSL glue.
Maybe an OpenSSL glue could be used to verify the Pike SSL, and vice versa?
/ Mirar