C - 在RAM中运行程序
[英]C - Running a program in RAM
问题描述
I have a program that XORs two files together using one time pad encryption. 
我有一个程序,使用一次性密码加密将两个文件进行异或。 As the keyfile is of such sensitive nature I don't want any traces of the keyfile to appear on the computers hard drive as that could compromise security. 由于密钥文件具有如此敏感的特性,我不希望密钥文件的任何痕迹出现在计算机硬盘驱动器上,因为这可能会危及安全性。
The question is, how do I run the program in RAM so as to avoid any traces being left on the HD? 问题是,如何在RAM中运行程序以避免在HD上留下任何痕迹? Alternatively, will running the program from a flash drive contain traces of the keyfile to the flash drive? 或者,从闪存驱动器运行程序是否包含闪存驱动器的密钥文件的痕迹?
Below is how the keyfile is treated in the program: 下面是程序中如何处理密钥文件:
/* Check if keyfile can be opened. */
if((keyfile = fopen(argv[3], "rb"))== NULL)
{
printf("Can't open keyfile.\n");
printf("Please enter a valid filename.\n");
printf("USAGE: OTP <source file> <output file> <keyfile>\n");
perror("Error");
return(1);
}
/* Get size of keyfile */
fstat(fileno(keyfile), &keybuf);
/* Check if keyfile is the same size as, or bigger than the sourcefile */
if((keybuf.st_size) < (statbuf.st_size))
{
printf("Source file is larger than keyfile.\n");
printf("This significantly reduces cryptographic strength.\n");
printf("Do you wish to continue? (Y/N)\n");
fgets(buffer, 20, stdin);
sscanf(buffer, "%c", &ans);
if(ans == 'n' || ans == 'N')
{
return (1);
}
if(ans == 'y' || ans == 'Y')
{
printf("Proceeding with Encryption/Decryption.\n");
}
/* Encrypt/Decrypt and write to output file. */
while(count < (statbuf.st_size))
{
key=fgetc(keyfile);
data=fgetc(sourcefile);
output=(key^data);
fputc(output,destfile);
count++;
}
/* Close files. */
fclose(keyfile);
fclose(sourcefile);
fclose(destfile);
I came across an inram function when googling this, but that didn't seem to be what I needed. 谷歌搜索时遇到了一个inram函数,但这似乎不是我需要的。
1 个解决方案
解决方案1
4 已采纳 2012-10-16 15:14:55
I assume you're reading the keyfile from some external media and you are worried about the process being swapped to disk along with the I/O buffers containing the OTP. 我假设您正在从某些外部介质读取密钥文件,并且您担心将进程与包含OTP的I / O缓冲区交换到磁盘。 You are probably equally concerned about the plaintext being written. 您可能同样关注正在编写的明文。 If you are on a posix system (like linux) then you should look into the mlock and mlockall functions. 如果您使用的是posix系统(如linux),那么您应该查看mlock和mlockall函数。 These calls will lock memory pages into RAM and prohibit their swapping to disk. 这些调用会将内存页锁定到RAM中并禁止它们交换到磁盘。 The man page specifically calls out the security use case for these calls. 手册页专门为这些调用调出安全用例。 Another option might be to mmap the files. 另一种选择可能是mmap文件。 Though it doesn't carry the same guarantee, since the mapped pages will be backed by the external media I doubt they'd appear in the swap space. 虽然它没有相同的保证,但由于映射的页面将由外部媒体支持,我怀疑它们会出现在交换空间中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.