Am Dienstag, den 15.01.2019, 15:20 +0100 schrieb Florian Weimer:
> * Simo Sorce:
>
> > > Maybe the stub implementation should just overwrite the argument
> > > with
> > > zeros.
> >
> > I wouldn't overwrite with zeros because then it is clear the
> > encryption
> > failed and if it is used in non-orthodox ways could give an attacker
> > a
> > way to exploit the zeroing.
> >
> > (for example if someone uses it to encrypt a password, instead of
> > hashing it and then compare to some stored value, then zeroing might
> > be
> > a bad choice as all invocations will always return the same value
> > and
> > would always compare "right")
>
> That's a fair point. Overwriting with random data seems better.
> (There's precedent for doing that on decryption failures, too.)
>
> Thanks,
> Florian
Thanks for the thoughts and a easy solution, guys! I've updated the
description and documentation of the proposal accordingly:
> The encrypt{,_r} function will - for security reasons - additionally
> overwrite the data-block argument with random data.
Björn
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
