9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] securing memory during password processing
From: AUSTIN WOODARD @ 2002-12-30 14:54 UTC
  To: 9fans

Dear Rob Pike,
Hi - my name is Austin Woodard. I was reading the P9 Security paper at
the Bell Labs site and came across an unsolved problem of encryption
keys being left in memory and their being vulnerable to recovery by a
system reset using a debugger. Why not use temporary allocated space in
memory for their use and then delete at end of use by filling that space
with all 0's or FF's? This would seem to make for more secure use of
password and key handling. Although this process may add time to the
running of the process it would seem necessary to prevent unwanted
intrusions into one's computer. My e-mail address is arwbutch@attbi.com and
I would appreciate a reply if you have time. Thanks for taking the time to
consider this e-mail --- Austin


* Re: [9fans] securing memory during password processing
From: David Presotto @ 2002-12-30 15:08 UTC
  To: arwbutch, 9fans

The problem is that there is no `end' should the system be reset.  When
the reset button gets hit, it's all over.  The next boot could be a system
specially designed by the attacker.  This is especially relevant for
Plan 9, since a typical way to shut down for people with diskless
machines is to just reset the machine.

However, it would be wise to zero memory should someone hit ctl-alt-del
or ^t^tr.  That's probably the most used scenario for bringing down the
system.  Factotum itself doesn't really exit and isn't killable but
it would be nice if the kernel wipes any memory of any programs with
'private' set (i.e. those that have made themselves undebuggable by
other processes) should the program exit.
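
The overwrite-at-end-of-use approach proposed in the first message, written in portable C as an added example (not code from either poster or from Plan 9); `secret_t` and the function names are hypothetical, and the key bytes are a constructed sample. It covers only the orderly case, since, as the reply notes, nothing runs after a reset.

```c
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned char *buf; size_t len; } secret_t; /* hypothetical key holder */

/* Zero via a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Copy the key into temporary heap space; returns 0 on success. */
static int secret_load(secret_t *s, const unsigned char *src, size_t len)
{
    s->buf = malloc(len);
    if (s->buf == NULL)
        return -1;
    memcpy(s->buf, src, len);
    s->len = len;
    return 0;
}

/* Count bytes still non-zero, to check that a wipe really happened. */
static size_t secret_residue(const secret_t *s)
{
    size_t i, n = 0;
    for (i = 0; i < s->len; i++)
        n += (s->buf[i] != 0);
    return n;
}

/* End of use: wipe in place, then hand the memory back. */
static void secret_release(secret_t *s)
{
    if (s->buf != NULL)
        secure_wipe(s->buf, s->len);
    free(s->buf);
    s->buf = NULL;
    s->len = 0;
}

int main(void)
{
    secret_t s; /* the key bytes below are a constructed sample */
    if (secret_load(&s, (const unsigned char *)"sample-key", 10) == 0)
        secret_release(&s);
    return 0;
}
```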
