在iOS中从内存中清除敏感数据的正确方法是什么？ [英] What is the correct way to clear sensitive data from memory in iOS?

问题描述

我想在我的iOS应用中清除内存中的敏感数据。
在Windows中，我曾经使用过SecureZeroMemory。现在，在iOS中，我使用普通的memset，但我有点担心编译器可能会优化它：
https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/771-BSI.html

I want to clear sensitive data from memory in my iOS app. In Windows I used to use SecureZeroMemory. Now, in iOS, I use plain old memset, but I'm a little worried the compiler might optimize it: https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/771-BSI.html

代码段：

 NSData *someSensitiveData;
 memset((void *)someSensitiveData.bytes, 0, someSensitiveData.length);

推荐答案

释义771-BSI（链接见OP）：

Paraphrasing 771-BSI (link see OP):

避免编译器优化的memset调用的一种方法是在memset调用之后再次访问缓冲区，这会强制编译器不优化位置。这可以通过

A way to avoid having the memset call optimized out by the compiler is to access the buffer again after the memset call in a way that would force the compiler not to optimize the location. This can be achieved by

*(volatile char*)buffer = *(volatile char*)buffer;

memset（）之后。

事实上，你可以写一个 secure_memset（）函数

In fact, you could write a secure_memset() function

void* secure_memset(void *v, int c, size_t n) {
    volatile char *p = v;
    while (n--) *p++ = c;
    return v;
}

（代码取自771-BSI。感谢Daniel Trebbien指出上一个代码提案可能存在缺陷。）

(Code taken from 771-BSI. Thanks to Daniel Trebbien for pointing out for a possible defect of the previous code proposal.)

为什么 volatile 会阻止优化？请参阅 https://stackoverflow.com/a/3604588/220060

Why does volatile prevent optimization? See https://stackoverflow.com/a/3604588/220060

更新请同时阅读内存中的敏感数据，因为如果你的iOS系统上有一个对手，甚至在他试图读取内存之前，你已经或多或少地被搞砸了。在摘要中，SecureZeroMemory（）或secure_memset（）实际上没有帮助。

UPDATE Please also read Sensitive Data In Memory because if you have an adversary on your iOS system, your are already more or less screwed even before he tries to read that memory. In a summary SecureZeroMemory() or secure_memset() do not really help.

这篇关于在iOS中从内存中清除敏感数据的正确方法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！