Jeff Martin on Nostr: Dear #cryptography friends. How actually useful is zeroization as a modern computing ...
Dear #cryptography friends. How actually useful is zeroization as a modern computing security practice?
In my reading so far, it seems the only threat models that seem to care about zeroization are ones that include physical seizure of hardware. eg, a government losing control of military hardware on a battlefield.
But for us non-state-affiliated normies, it seems like the protections of modern OS memory management (eg, page scrubbing across security boundaries) should make zeroization pretty unnecessary, right?
Published at
2023-06-14 21:40:25Event JSON
{
"id": "8f6a5eb062662f0bbdd7074229d333d917bb1d47a3da4f4d6721c71116ea3c59",
"pubkey": "4b06a99655066ca3e1a19ecc4bd5c5fd5d0f106a319a8cfb3c414bdff9e17c27",
"created_at": 1686771625,
"kind": 1,
"tags": [
[
"t",
"cryptography"
],
[
"mostr",
"https://gladtech.social/users/cuchaz/statuses/110544265257581716"
]
],
"content": "Dear #cryptography friends. How actually useful is zeroization as a modern computing security practice?\n\nIn my reading so far, it seems the only threat models that seem to care about zeroization are ones that include physical seizure of hardware. eg, a government losing control of military hardware on a battlefield.\n\nBut for us non-state-affiliated normies, it seems like the protections of modern OS memory management (eg, page scrubbing across security boundaries) should make zeroization pretty unnecessary, right?",
"sig": "a14937c87e62d63c64e7892ba7b8c852f18e48255366dd903878ab960270358148bd3ca64d031deb546dd5fd330aa875c6ce4195c246e010a3181758fdeee05a"
}