I have noticed some programs explicitly zero sensitive memory allocations after use. For example, OpenSSL has a method to clear the memory occupied by an RSA key:
When programs/libraries like GPG and OpenSSL with sensitive cryptographic data explicitly zero memory, it has nothing to do with a fear that the memory will be "reassigned" to other programs which could read the data. This is fundamentally impossible due to the way multiprocess/multiuser operating systems work.
The reasons for zeroing data are twofold:
1. If the code is a library, you want to protect against careless information leakage by the calling program. Even though the memory that contained sensitive information cannot be reassigned to another process, freed memory can and will be reused in the same process as long as it's still running the same program image (i.e. as long as it hasn't called exec*). A buggy program might call malloc then write the buffer to disk without first filling the whole allocated object, in which case old, potentially sensitive information could be leaked to disk. Issues of this kind exist in major real-world products like Microsoft Office (though they may have been fixed by now).
2. Even if the code is not a library but a stand-alone program, you may want to zero sensitive data in memory before freeing it for paranoia purposes. If the feds bust down your door and haul away your computer, they can subsequently examine whatever happened to be on the swap partitions. If they're careful in removing it they might even be able to examine RAM contents. If you're paranoid about physical attacks, you want to ensure that passphrases, etc. do not exist anywhere in RAM or on disk after they're used. Many cryptographic programs even want to have root access so they can mlockall their memory to prevent anything from getting swapped to disk (though in my view this is stupid - trading a serious risk of root compromise due to bugs in the software for paranoia about physical attack).
If you are not worried about physical attacks, or if you're sufficiently in touch with reality to realize that physical attackers probably have better ways of getting your passphrase than swap partition forensics, then reason #2 is probably mostly bogus, but most software addresses it anyway just to keep the nutcases happy. :-)
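A small C program, added here as an illustration and not taken from OpenSSL, GPG or the answer above, that models the short-write bug from reason #1 with one buffer reused inside the same process (rather than relying on the allocator's free-list behaviour) and shows a wipe the compiler is not allowed to optimise away. The passphrase and username are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* A wipe that survives optimisation.  A plain memset() followed by
 * free() (or by the variable going out of scope) is a dead store that
 * compilers routinely drop; stores through a volatile pointer must be
 * performed.  Platforms offering explicit_bzero() or memset_s() can
 * use those instead. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Models the bug: a buffer first holds a passphrase, is reused for a
 * short username, and the whole object is then "written to disk"
 * (here: copied to `out`).  Returns how many passphrase bytes survive
 * in the output past the new content. */
static size_t stale_secret_bytes(int wipe_before_reuse)
{
    static const char passphrase[] = "correct horse battery staple"; /* constructed */
    static const char user[] = "bob";                                 /* constructed */
    unsigned char buf[64];
    unsigned char out[64];

    /* First use: the buffer holds a secret (key derivation would go here). */
    memset(buf, 0, sizeof buf);
    memcpy(buf, passphrase, sizeof passphrase);

    if (wipe_before_reuse)
        secure_zero(buf, sizeof buf);   /* what OpenSSL/GPG-style cleanse does */

    /* Second use: only the bytes actually needed are filled in ... */
    memcpy(buf, user, sizeof user);     /* 4 bytes including the NUL */
    /* ... but the full object is emitted, like a buggy file writer. */
    memcpy(out, buf, sizeof buf);

    size_t leaked = 0;
    for (size_t i = sizeof user; i < sizeof passphrase - 1; i++)
        if (out[i] == (unsigned char)passphrase[i])
            leaked++;
    return leaked;   /* 24 without the wipe, 0 with it */
}

int main(void)
{
    printf("without wipe: %zu stale passphrase bytes\n", stale_secret_bytes(0));
    printf("with wipe:    %zu stale passphrase bytes\n", stale_secret_bytes(1));
    return 0;
}
```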