As Rich said: a prototype that works in our world, for our use cases. It needs l... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		brians on April 13, 2014 \| parent \| context \| favorite \| on: Akamai release source to their custom secure_mallo... As Rich said: a prototype that works in our world, for our use cases. It needs lots of work to generalize. For example, we have about ten thousand SSL private keys per machine. This, without guard pages, protects all but the first few hundred perfectly. Something else protects those first few hundred (and that something else is a lucky freak accident). If you load 1000 keys, can you extract anything past the 256th?

makomk on April 13, 2014 [–]

Did you actually test this? Because apparently someone looked at the code and found your assumptions are wrong and you're not protecting the private keys as well as you thought you were: http://lekkertech.net/akamai.txt (Also, your blog post appears to be based on the same assumptions.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact