std-proposals
Re: Another approach to p1315r5 (secure_clear)

From: Miguel Ojeda <miguel.ojeda.sandonis_at_[hidden]>
Date: Sun, 16 Aug 2020 19:48:58 +0200

Hi Marcin,

On Sun, Aug 16, 2020 at 7:19 PM Marcin Jaczewski via Std-Proposals
<std-proposals_at_[hidden]> wrote:
>
> I was thinking about a different solution that does the opposite; this
> means you are not guaranteed any writes or reads to memory. This is at
> first sight insane, but if your password was never in that memory you
> do not clean anything, do you?

I am not sure I understand what you are proposing. The current
revision of the paper does indeed suggest that implementations should
ideally be free to avoid using any memory if the information wasn't
there to begin with. However, in the general case it does not fit and
needs to be covered since it is a common use case.

> __secret auto j = i; //keyword, attribute, or special class?

The first revision of the paper proposed a RAII class for this (built
on top of the secure_clear() mechanism), but the committee decided to
reduce the scope of the proposal to standardize the basics first.

Attributes (for objects or for entire functions) have also been
discussed a few times, but it is not the current practice by users and
there is not much implementation experience either.

Cheers,
Miguel

Received on 2020-08-16 12:52:35
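For readers unfamiliar with the mechanism being discussed, here is an added illustration of a secure_clear() and of a RAII wrapper layered on top of it, in the spirit of the class the first revision of the paper sketched. This is example code written for this page, not the paper's reference implementation, not anything from the P1315 authors, and not the class the committee considered; the names secure_clear, secret, all_zero, demo_secure_clear and demo_secret_raii are hypothetical. It assumes the pre-standard technique that utilities such as explicit_bzero() rely on: writing the zeros through a volatile pointer so the compiler does not drop them as dead stores, which is precisely the guarantee the standard currently does not give.

```cpp
#include <array>
#include <cstddef>
#include <memory>
#include <new>
#include <type_traits>

// Added example (not the paper's reference implementation): a secure_clear()
// in the pre-standard style of explicit_bzero()/memset_s(). Zeros are written
// through a volatile pointer so the compiler cannot treat them as dead stores
// and elide them, which it is allowed to do for a plain memset() on an object
// that is never read again.
inline void secure_clear(void* data, std::size_t size) noexcept {
    volatile unsigned char* p = static_cast<volatile unsigned char*>(data);
    while (size--) {
        *p++ = 0;
    }
}

// Overload for a whole trivially copyable object.
template <class T>
inline void secure_clear(T& obj) noexcept {
    static_assert(std::is_trivially_copyable_v<T>,
                  "secure_clear only makes sense for trivially copyable objects");
    secure_clear(static_cast<void*>(std::addressof(obj)), sizeof(T));
}

// Hypothetical RAII wrapper in the spirit of the class the first revision of
// the paper sketched on top of secure_clear(): the contained object is
// scrubbed when the wrapper is destroyed. Copies are deleted because every
// copy would be another unscrubbed instance of the secret.
template <class T>
class secret {
    static_assert(std::is_trivially_copyable_v<T>);
    T value_;
public:
    explicit secret(const T& v) noexcept : value_(v) {}
    secret(const secret&) = delete;
    secret& operator=(const secret&) = delete;
    ~secret() { secure_clear(value_); }
    T& get() noexcept { return value_; }
    const T& get() const noexcept { return value_; }
};

// True if every byte in [p, p + n) is zero.
inline bool all_zero(const unsigned char* p, std::size_t n) noexcept {
    unsigned char acc = 0;
    for (std::size_t i = 0; i < n; ++i) acc |= p[i];
    return acc == 0;
}

// Fill a constructed sample key, clear it, and report whether the clear
// actually reached memory.
inline bool demo_secure_clear() noexcept {
    unsigned char key[32];
    for (std::size_t i = 0; i < sizeof key; ++i) {
        key[i] = static_cast<unsigned char>(0xA5 ^ i);
    }
    secure_clear(key, sizeof key);
    return all_zero(key, sizeof key);
}

// Build a secret<> in caller-provided raw storage, destroy it explicitly, and
// then inspect the storage. The unsigned char array is still alive after the
// wrapper's destructor has run, so reading it is well defined; this is how
// one can observe that the destructor really scrubbed the bytes.
inline bool demo_secret_raii() noexcept {
    using Key = std::array<unsigned char, 16>;
    alignas(secret<Key>) unsigned char storage[sizeof(secret<Key>)];

    Key k{};
    k.fill(0xFF);                       // constructed sample key material
    auto* s = new (storage) secret<Key>(k);
    secure_clear(k);                    // the local copy is a secret too

    const bool live_had_data = !all_zero(storage, sizeof storage);
    s->~secret();
    const bool cleared_after = all_zero(storage, sizeof storage);
    return live_had_data && cleared_after;
}
```

Two caveats a practitioner should keep in mind. First, the volatile loop is what existing libraries do today; it works on the major compilers but the standard does not promise it, which is the gap the paper addresses. Second, the wrapper only reaches the bytes it owns: the temporary `k` in the demo, register spills, or a copy the compiler makes on its own are out of its reach, which is the "if your password was never in that memory" problem raised in the quoted question.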