comp.lang.ada
From: Brad Moore <brad.moore@shaw.ca>
Subject: Re: Should Ada runtime provide special primitives for cryptography?
Date: Wed, 01 Oct 2014 09:15:02 -0600
Message-ID: <2UUWv.310935$Fo3.68916@fx09.iad>
In-Reply-To: <npvn2a9cdq2habaut03s7bho39grrr42h5@4ax.com>

On 14-10-01 07:22 AM, Dennis Lee Bieber wrote:
> On Wed, 1 Oct 2014 08:42:17 +0000 (UTC), Natasha Kerensikova
> <lithiumcat@instinctive.eu> declaimed the following:
>
>> However, when actually implementing cryptographic stuff, cleverness from
>> compiler and optimizer are often enemies. For example, overwriting a
>> buffer with zeroes might be optimized out when the buffer is not
>> accessed again.
>>
> 	Cryptographic "zeroing" does not fill a buffer with 0x00 values. One
> approved method is to:
>
> generate random sequence (in a second buffer as you'll need it again)
> copy random sequence into crypto buffer
> compare buffers to ensure data was changed
> invert the bits of the random sequence
> copy random sequence into crypto buffer
> compare to ensure all data changed
> generate second random sequence
> copy second sequence into buffer
> compare buffers
>
> The first two copy operations ensure every bit in the buffer has been
> toggled to both states -- the compares ensure you don't have a "sticky
> bit".

Zeroizing can be useful as well. For example, a system might zeroize its 
data to ensure critical, possibly encrypted data cannot be accessed 
after the data has been processed, or before exposing the data to an 
environment where it could be accessed.
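
Added example, not part of either post: a sketch in Ada 2012 of the overwrite-and-compare sequence quoted above, using `Volatile_Components` so the stores cannot be optimized away even though the buffer is never read again. The names `Wipe_Demo`, `Byte_Array`, `Store_And_Check` and `Wipe` are hypothetical, the key contents are constructed, and `Ada.Numerics.Discrete_Random` is a stand-in generator, not a cryptographic one.

```ada
with Ada.Text_IO;
with Ada.Numerics.Discrete_Random;
with Interfaces; use Interfaces;

procedure Wipe_Demo is
   --  Volatile_Components: each element store is an external effect, so the
   --  compiler may not drop writes to a buffer that is never read again.
   type Byte_Array is array (Positive range <>) of Unsigned_8
     with Volatile_Components;

   --  Stand-in generator for the demo; not a cryptographic RNG.
   package Random_Bytes is new Ada.Numerics.Discrete_Random (Unsigned_8);
   Gen : Random_Bytes.Generator;

   --  Copy Pattern over Target, then read Target back and compare.
   procedure Store_And_Check
     (Target : in out Byte_Array; Pattern : Byte_Array; OK : in out Boolean) is
   begin
      for I in Target'Range loop
         Target (I) := Pattern (I);
      end loop;
      for I in Target'Range loop
         OK := OK and then Target (I) = Pattern (I);
      end loop;
   end Store_And_Check;

   procedure Wipe (Target : in out Byte_Array; OK : out Boolean) is
      Pattern : Byte_Array (Target'Range);
   begin
      OK := True;
      for Pass in 1 .. 3 loop
         for B of Pattern loop
            --  Pass 2 inverts pass 1's pattern so every bit sees both states.
            B := (if Pass = 2 then not B else Random_Bytes.Random (Gen));
         end loop;
         Store_And_Check (Target, Pattern, OK);
      end loop;
   end Wipe;

   Key : Byte_Array (1 .. 32) := (others => 16#A5#);  --  constructed sample
   OK  : Boolean;
begin
   Random_Bytes.Reset (Gen);
   Wipe (Key, OK);
   Ada.Text_IO.Put_Line ("wipe verified: " & Boolean'Image (OK));
end Wipe_Demo;
```

The volatile accesses cover only this array object; copies of the key the compiler or runtime made elsewhere (registers, spilled temporaries, by-copy parameters of other types) are outside what this wipe reaches.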

