0

I am collecting sensitive form user input which, when the input has finished, I want to encrypt using asymmetric encryption.

I do not know the length of the data beforehand. I dont't want the data to be swapped out (because it is sensitive).

So I would think, that a something like a stringstream with an allocator based on libsodium_malloc/libsoium_free would be the right choice. Now in the libsodium documentation on secure memory it says:

The returned address will not be aligned if the allocation size is not a multiple of the required alignment.

For this reason, sodium_malloc() should not be used with packed structure or variable-length structures, unless the size given to sodium_malloc() is rounded up in order to ensure proper alignment.

I am not really sure what this means and if it applies to me. Why would I care for proper alignment?

Is my approach the right way to do it at all?

Nathan
  • 7,099
  • 14
  • 61
  • 125
  • This is more a programming question than a crypto question. See https://en.wikipedia.org/wiki/Data_structure_alignment. I believe you need to care about alignment, and so you should not malloc less than 64 bits. – bmm6o May 19 '15 at 16:58
  • 3
    Depends on the architecture and even the specific chip. For portability, you should keep things aligned. Simply passing sizeof (struct foo) as the size to allocate should be sufficient, what they're warning you is to not take that, then add on 5 extra bytes because you want to store a few characters right after the structure. –  May 19 '15 at 20:32
  • 1
    I'll also add that using things like stringstream is going to make securing bits and pieces with "secure memory" mostly pointless. You have no idea of the implementation, how much of what's entered is copied onto the stack or temporarily residing on the normal heap, etc. If you're going to bother with a special malloc, just go all the way and implement something using direct unbuffered read calls, with all variables stored in a "secure" structure, and zeroing things as soon as you're done. You'll still have things in OS buffers, but not much you can do about that. –  May 21 '15 at 07:43

0 Answers0