删除从内存中的敏感信息 [英] Erasing sensitive information from memory

问题描述

看完<一个href=\"http://stackoverflow.com/questions/6089332/is-explicitly-clearing-zeroing-sensitive-variables-after-use-sensible\">this问题我很好奇，怎么一会做在C.当接收到来自另一个程序的信息，我们可能不得不假设内存是可写的。

After reading this question I'm curious how one would do this in C. When receiving the information from another program, we probably have to assume that the memory is writable.

我已经找到<一个href=\"http://stackoverflow.com/questions/15538366/can-memset-function-call-be-removed-by-compiler\">this说明一个普通的memset也许优化掉和<一个href=\"http://stackoverflow.com/questions/26266820/in-clang-how-do-you-use-per-function-optimization-attributes#comment41210667_26266820\">this评论指出memsets是错误的方式做到这一点。

I have found this stating that a regular memset maybe optimized out and this comment stating that memsets are the wrong way to do it.

推荐答案

您提供的例子是不是很有效：编译器可以优化出一个变量设置操作时，它可以检测有没有副作用和值不再使用。

The example you have provided is not quite valid: the compiler can optimize out a variable setting operation when it can detect that there are no side effects and the value is no longer used.

所以，如果你的code使用一些共享缓存，从多个位置访问，在 memset的将正常工作。差不多。

So, if your code uses some shared buffer, accessible from multiple locations, the memset would work fine. Almost.

不同的处理器使用不同的缓存策略，所以你可能需要使用内存屏障，以确保数据（零的）已经达到从高速缓存内存芯片。

Different processors use different caching policies, so you might have to use memory barriers to ensure the data (zero's) have reached memory chip from the cache.

所以，如果你不担心硬件层面的细节，确保编译器不能优化出操作就足够了。例如，释放它会被执行前memsetting块。

So, if you are not worried about hardware level details, making sure compiler can't optimize out operation is sufficient. For example, memsetting block before releasing it would be executed.

如果你想确保数据是从所有的硬件​​项中移除，您需要检查数据缓存是如何在平台上实现，并使用适当的code，迫使高速缓存清理，可以是多不平凡-core机。

If you want to ensure the data is removed from all hardware items, you need to check how the data caching is implemented on your platform and use appropriate code to force cache flush, which can be non-trivial on multi-core machine.

这篇关于删除从内存中的敏感信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！