HACKERALERT / Picocrypt

A very small, very simple, yet very secure encryption tool.
GNU General Public License v3.0
2.44k stars 146 forks source link

Memory issue with Picocrypt #155

Closed BigPanda97 closed 1 year ago

BigPanda97 commented 1 year ago

I noticed that Picocrypt (new and at least the previous version, but maybe also X versions before) doesn't release RAM after operation, at least under Windows 10. So, it uses ~60 MB of RAM before encrypting something, and 1 to 2 GB RAM after the encryption, depending on using paranoid mode or not. Even when the process is completely done, it still holds the full 1 or 2 GB of RAM used. Technically, it should be possible to release all the RAM after the Argon2 key derivation is done, and go fully back to the ~60 MB after the encryption process while the program waits for a new encryption or decryption task.

HACKERALERT commented 1 year ago

Yes, it does free the memory eventually. It takes a minute or so for it to drop back down. It is possible to make it free memory immediately, but that would require the use of the debug package which probably shouldn't be used in production. Go's garbage collector often holds onto memory for longer than it needs to so it doesn't need to constantly free and allocate memory from the system, but it will eventually free memory if nothing is using it.