Zeroisation
==Software==
In modern [[software]]-based cryptographic modules, zeroisation is made considerably more complex by issues such as [[virtual memory]], [[compiler]] [[optimization (computer science)|optimisation]]s<ref>{{cite web|url=https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/771-BSI.html |title=MEMSET |access-date=March 21, 2013 |url-status=dead |archive-url=https://web.archive.org/web/20130221133145/https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/771-BSI.html |archive-date=February 21, 2013 }}</ref> and use of [[flash memory]].<ref>{{cite web|url=http://cio.nist.gov/esd/emaildir/lists/cc-cmt/msg01706.html |title=Archived copy |access-date=March 21, 2013 |url-status=dead |archive-url=https://web.archive.org/web/20130307044459/http://cio.nist.gov/esd/emaildir/lists/cc-cmt/msg01706.html |archive-date=March 7, 2013 }}</ref> Also, zeroisation may need to be applied not only to the key, but also to a [[plaintext]] and some intermediate values. A cryptographic software developer must have an intimate understanding of [[memory management]] in a machine, and be prepared to zeroise data whenever a sensitive device might move outside the security boundary. Typically this will involve overwriting the data with zeroes, but in the case of some types of [[non-volatile storage]] the process is much more complex; see ''[[data remanence]]''.

As well as zeroising data due to memory management, software designers consider performing zeroisation:
* When an application changes mode (e.g. to a test mode) or user;
* When a [[computer process]] changes [[computer security|privileges]];
* On termination (including abnormal termination);
* On any error condition which may indicate instability or tampering;
* Upon user request;
* Immediately, the last time the parameter is required; and
* Possibly if a parameter has not been required for some time.
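The compiler-optimisation problem and the need to wipe plaintext and intermediate values, as an added C example that is not part of this article or of any cited source; secure_zero, process_and_wipe and zeroise_demo are hypothetical names, and the key and plaintext bytes are constructed for the demonstration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: stores through a volatile pointer cannot be treated
 * as dead and deleted by the compiler. C11 memset_s() or a platform
 * explicit_bzero() serve the same purpose where available. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if every byte in [p, p + n) is zero, else 0. */
int is_all_zero(const void *p, size_t n) {
    const uint8_t *b = (const uint8_t *)p;
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* The pattern the section warns about: a local key cleared with plain
 * memset() and never read again; an optimising compiler may legally drop
 * the store, leaving the key bytes on the stack. */
void wipe_with_memset_may_be_elided(void) {
    uint8_t key[16] = {0x11, 0x22, 0x33, 0x44}; /* constructed key */
    /* ... key used here ... */
    memset(key, 0, sizeof key); /* dead store: not guaranteed to run */
}

/* Toy XOR "encryption" with a constructed key. Besides the key, the
 * plaintext and the keystream byte ks derived from it are zeroised before
 * returning, since an intermediate value can leak as much as the key. */
void process_and_wipe(uint8_t key[16], uint8_t plaintext[16], uint8_t out[16]) {
    uint8_t ks = 0;
    for (size_t i = 0; i < 16; i++) {
        ks = key[i] ^ (uint8_t)i;
        out[i] = plaintext[i] ^ ks;
    }
    secure_zero(&ks, sizeof ks);
    secure_zero(key, 16);
    secure_zero(plaintext, 16);
}

/* Runs the toy round trip; returns 1 only if output was produced (not all
 * zero) and both key and plaintext are all zero afterwards. */
int zeroise_demo(void) {
    uint8_t key[16], plaintext[16], out[16];
    for (size_t i = 0; i < 16; i++) { key[i] = (uint8_t)(0xA5 + i); plaintext[i] = (uint8_t)('A' + i); }
    process_and_wipe(key, plaintext, out);
    return !is_all_zero(out, 16) && is_all_zero(key, 16) && is_all_zero(plaintext, 16);
}
```

Compiling wipe_with_memset_may_be_elided with optimisation enabled and inspecting the generated assembly is the usual way to confirm whether a given toolchain actually removes the memset() store.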
Informally, software developers may also use '''zeroise''' to mean any overwriting of sensitive data, not necessarily of a cryptographic nature.