lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Aug 2013 22:32:32 -0400
From: Daniel Franke <dfoxfranke@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] C99 in reference implementations

Everything below is fine by me, but how about <stdbool.h>?

Marsh Ray <maray@...rosoft.com> writes:

> *Proposed* guidance for developers/submitters:
>
> Developers ought to be able to count on ...
>
> #include <stdint.h>
>
> ... as making available ...
>
> intN_t, uintN_t, for 8 <= N <= 32 (and N a power of 2 obviously)
>
> ... in the global namespace.
>
> So you should be able to avoid having to work this out yourself or
> make assumptions about the size of int/long/longlong.
> [Rationale: It's 2013. Pre-stdint.h compiler users can adapt.]
>
> Calls to malloc()/free() ought to be the preferred method of acquiring
> and releasing memory for memory-hard functions.
> [Rationale: They are the standard method and easy to swap out if needed]
>
> Developers should use a function like secure_wipe(p, n) to wipe
> sensitive data from memory before free()ing. This can be defined like:
> void secure_wipe(void * p, size_t cnt_bytes)
> {
>     // TODO use SecureZeroMemory or equivalent on platforms which provide it.
>     memset(p, 0, cnt_bytes);
> }
> [Rationale: see
> http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx ]
>
> Will this work for everyone?
>
> - Marsh

Powered by blists - more mailing lists