Re: my $key is sensitive;

2005-10-05 Thread Rafael Garcia-Suarez
Brent 'Dax' Royal-Gordon wrote in perl.perl6.language :

> I would like is sensitive to be defined to mean that any data stored
> in that variable, at any level of recursion, will be zeroed out as
> soon as it is garbage collected.  Particular implementations can add
> extra features on top of that--such as stopping the VM from swapping
> it or even actively encrypting that area of memory--but without a
> minimum standard there's no point in supporting the feature at all.

That really sounds like an unportable feature that should go in a
module. Or in many modules (Linux::VolatileVariables, etc etc)


Re: my $key is sensitive;

2005-10-05 Thread Carl Franks
Brent,

Why not post the original query to p6compiler for their take on it?

Carl


Re: my $key is sensitive;

2005-10-05 Thread Yuval Kogman
On Mon, Oct 03, 2005 at 22:58:28 -0700, Brent 'Dax' Royal-Gordon wrote:
> For the last couple days, I've been implementing a cryptographic
> cipher framework for Perl 6.  (It's in the Pugs repository if you want
> to see it.)  Dealing with this sort of algorithm has brought forward a
> feature that I think Perl 6 and Parrot ought to support.
>
> Basically, I'd like to be able to mark a variable as sensitive or
> secret.  This implies that the language should overwrite the memory
> it uses before deallocating it, and that if possible it should tell
> the virtual memory system to avoid swapping it out.  Moreover, it
> should probably do so recursively, and to any value that has ever been
> stored in the variable.  (In essence, the *variable* marks all
> *values* it ever contains as sensitive.)

This relates to the ideas I had about generalizing the taint
mechanism.

The idea was basically:

every interaction between two pieces of data triggers a
multimethod that is the event handler for that interaction

With the assumption that static typing will make the calls to these
things be compiled only when necessary.

Once you have that then you can implement 'is sensitive' as a
taint-oriented-role, that installs an event handler for the tainting
container and any value, marking a runtime specific flag that means
sensitive.

That way the implementation of the role is simple.

-- 
 ()  Yuval Kogman [EMAIL PROTECTED] 0xEBD27418  perl hacker 
 /\  kung foo master: uhm, no, I think I'll sit this one out..: neeyah!





Re: my $key is sensitive;

2005-10-04 Thread Brent 'Dax' Royal-Gordon
Rafael Garcia-Suarez [EMAIL PROTECTED] wrote:
> So, such a sensitive modifier could be added, but its
> precise meaning would be highly dependent on the underlying
> implementation.

Okay, but there needs to be some minimum standard for it, like the
memory in question no longer contains its original contents after
garbage collection.  The security of the key keeping my information
from the Secret Police shouldn't be compromised because the particular
Perl backend I'm using doesn't implement is sensitive in a
meaningful way.

I would like is sensitive to be defined to mean that any data stored
in that variable, at any level of recursion, will be zeroed out as
soon as it is garbage collected.  Particular implementations can add
extra features on top of that--such as stopping the VM from swapping
it or even actively encrypting that area of memory--but without a
minimum standard there's no point in supporting the feature at all.

--
Brent 'Dax' Royal-Gordon [EMAIL PROTECTED]
Perl and Parrot hacker


Re: my $key is sensitive;

2005-10-04 Thread Rafael Garcia-Suarez
Brent 'Dax' Royal-Gordon wrote in perl.perl6.language :
> Basically, I'd like to be able to mark a variable as sensitive or
> secret.  This implies that the language should overwrite the memory
> it uses before deallocating it, and that if possible it should tell
> the virtual memory system to avoid swapping it out.  Moreover, it
> should probably do so recursively, and to any value that has ever been
> stored in the variable.  (In essence, the *variable* marks all
> *values* it ever contains as sensitive.)
>
> This feature could make Perl 6 a better language for security work
> than any other I've seen.  C and C++ could do this, but only with the
> programmer's assistance (by calling a wipe function or making sure a
> destructor is correctly called), and optimizers have been known to
> helpfully remove such code.

Isn't the volatile modifier supposed to avoid this ?

Oh, and remark that volatile is quite a high-level construct for a
language like C. So, such a sensitive modifier could be added, but its
precise meaning would be highly dependent on the underlying
implementation.

-- 
The universe (which others call the Library) is composed of an indefinite and
perhaps infinite number of hexagonal galleries.
-- Borges


Re: my $key is sensitive;

2005-10-04 Thread Michele Dondi

On Tue, 4 Oct 2005, Rafael Garcia-Suarez wrote:


> language like C. So, such a sensitive modifier could be added, but its
> precise meaning would be highly dependent on the underlying
> implementation.


It would be of interest more to a perl programmer than to a Perl 
programmer. Like keys() as an lvalue in Perl5.



Michele
--

Having taken a look at that: bleech.

Thanks for the constructive feedback Ben. :-)
- Paul Marquess to Ben Morrow in clpmisc


my $key is sensitive;

2005-10-03 Thread Brent 'Dax' Royal-Gordon
For the last couple days, I've been implementing a cryptographic
cipher framework for Perl 6.  (It's in the Pugs repository if you want
to see it.)  Dealing with this sort of algorithm has brought forward a
feature that I think Perl 6 and Parrot ought to support.

Basically, I'd like to be able to mark a variable as sensitive or
secret.  This implies that the language should overwrite the memory
it uses before deallocating it, and that if possible it should tell
the virtual memory system to avoid swapping it out.  Moreover, it
should probably do so recursively, and to any value that has ever been
stored in the variable.  (In essence, the *variable* marks all
*values* it ever contains as sensitive.)

This feature could make Perl 6 a better language for security work
than any other I've seen.  C and C++ could do this, but only with the
programmer's assistance (by calling a wipe function or making sure a
destructor is correctly called), and optimizers have been known to
helpfully remove such code.  Many higher-level languages, including
Perl 5, make it hard to know when a piece of data is being
overwritten, rather than a pointer being changed.

--
Brent 'Dax' Royal-Gordon [EMAIL PROTECTED]
Perl and Parrot hacker
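
The behaviours this thread asks for (wipe before deallocation, keep the memory out of swap, and wipe every value the variable ever held), together with the question of whether volatile keeps the optimizer from removing the wipe, as an added C example; it is not code from any poster or from Perl 6/Parrot. The sensitive_buf type and its functions are hypothetical names, and POSIX mlock()/munlock() are assumed to be available.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical container for this example: fixed-capacity secret storage. */
typedef struct { unsigned char *data; size_t cap; int locked; } sensitive_buf;

/* Weak form: p is dead after free(), so the memset() may be optimized away. */
void naive_release(unsigned char *p, size_t n) {
    memset(p, 0, n);
    free(p);
}

/* Mainstream compilers keep stores made through a volatile-qualified lvalue. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Zeroed storage; mlock() asks the VM not to swap it and may fail (rlimits). */
int sensitive_init(sensitive_buf *b, size_t cap) {
    b->data = calloc(1, cap);
    if (!b->data) return -1;
    b->cap = cap;
    b->locked = (mlock(b->data, cap) == 0);
    return 0;
}

/* Wipe the old value before each store so no earlier secret outlives it. */
int sensitive_store(sensitive_buf *b, const void *src, size_t n) {
    if (n > b->cap) return -1;
    secure_wipe(b->data, b->cap);
    memcpy(b->data, src, n);
    return 0;
}

/* Count non-zero bytes; lets a caller or test confirm a wipe happened. */
size_t nonzero_bytes(const sensitive_buf *b) {
    size_t c = 0;
    for (size_t i = 0; i < b->cap; i++) c += (b->data[i] != 0);
    return c;
}

/* The thread's minimum standard: zero the memory before deallocating it. */
void sensitive_release(sensitive_buf *b) {
    secure_wipe(b->data, b->cap);
    if (b->locked) munlock(b->data, b->cap);
    free(b->data);
    *b = (sensitive_buf){0};
}
```

Copies made outside the buffer (registers, temporaries, function arguments) are not covered by this; that gap is why the thread asks for support in the language runtime.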