Re: storing crypto key in CPU registers
Date: Mon Jan 12 2004 - 13:15:41 CST
It would seem like a cool idea but I can think of a couple of drawbacks.
I'm not a kernel hacker or anything but it seems to me that unless your security app is an actual part of the operating system kernel (easy if Linux, tough if Windows), every time
system does a context switch your crypto key stored in a register would get
RAM along with all the other pertinent info (gen'l purpose registers, stack
So your key would wind up back in storage anyway. Presumably other user
can't "see" your data but if we're assuming the system is compromised I think you would have to also assume the intruder has super user/administrator/root authority and therefore CAN see your private storage areas. If you patch the OS you would also have to know which floating point registers are REALLY used by your kernel and which ones are just "reserved for future use" and therefore available for you to reserve and
your kernel patch.
Just my two cents,
Michel D. Lowe
<stuartcyberdeli To: secprogsecurityfocus.com
Subject: storing crypto key in CPU registers
Please respond to
Just a thought:
Whilst reading some compiler documentation the point was made that
"The Intel x86 chips offer eight 32-bit registers, while the x87
numeric coprocessor sports another eight 80-bit floating point
Some of these registers are used internally. But maybe at least one
of them is available to store up to 80 bits of crypto key, in a
location that is not coredumped or swapfiled?
Multiple registers could be combined to store a larger keysize.
Previous discussion has commented that storing a key for programmatic
access is unavoidably insecure. While storing keys in registers on
the CPU itself does not rectify the problem, it might potentially
reduce the number of avenues of attack available.
stuart at cyberdelix dot net - http://www.cyberdelix.net/
..revolution through evolution
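
The reply's point that a value held in a register is written to RAM whenever the kernel saves a task's state can be observed from user space. The sketch below is an added example, not code from either poster: it assumes Linux on x86-64 with glibc, uses signal delivery as a visible stand-in for the context-switch save, and the function name and sample key are made up for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <ucontext.h>
#include <unistd.h>

#if !defined(__linux__) || !defined(__x86_64__)
#error "this demonstration is specific to Linux on x86-64"
#endif
#define GREG_R12 4 /* index of r12 in uc_mcontext.gregs[] (glibc's REG_R12) */

static volatile uint64_t found_in_frame; /* what the handler read back from RAM */

/* ctx points at the register snapshot the kernel wrote to this process's
 * stack before running the handler. */
static void on_sigusr1(int sig, siginfo_t *info, void *ctx) {
    (void)sig; (void)info;
    const ucontext_t *uc = ctx;
    found_in_frame = (uint64_t)uc->uc_mcontext.gregs[GREG_R12];
}

/* Put `key` in r12, take a signal, and return what the saved frame held. */
uint64_t key_seen_in_signal_frame(uint64_t key) {
    struct sigaction sa = {0};
    sa.sa_sigaction = on_sigusr1;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0) return 0;
    found_in_frame = 0;
    long rax = SYS_kill; /* kill(getpid(), SIGUSR1) issued inside the asm */
    __asm__ volatile(
        "mov %[key], %%r12\n\t"  /* key is now held in a register       */
        "syscall\n\t"            /* signal is delivered on the way back */
        "xor %%r12d, %%r12d\n\t" /* wipe the register afterwards        */
        : "+a"(rax)
        : [key] "r"(key), "D"((long)getpid()), "S"((long)SIGUSR1)
        : "rcx", "r11", "r12", "memory");
    return found_in_frame;
}

int main(void) {
    uint64_t key = 0x0123456789abcdefULL; /* constructed sample value */
    printf("saved frame held r12 = %#llx\n",
           (unsigned long long)key_seen_in_signal_frame(key));
    return 0;
}
```

On a real context switch the equivalent copy lands in kernel memory rather than on the user stack, so it is out of reach of ordinary users but not of an attacker with root or kernel access, which is the case the reply raises.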