Keats / rust-bcrypt

Easily hash and verify passwords using Bcrypt
MIT License

Overwrite allocated memory containing password #67

Closed typetetris closed 2 years ago

typetetris commented 2 years ago

Overwrite the password copy done by rust-bcrypt with zeros.

Use zeroize so it doesn't get optimized away.

Openwall bcrypt even hashes a dummy password after every real password hashed, to cleanse registers and (hopefully, might not work all the time) stack. Might be a bit over the top.
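The copy-then-wipe pattern this pull request describes, as an added example that is neither the PR's code nor rust-bcrypt's: it uses only the standard library, with volatile stores and a compiler fence standing in for the zeroize crate. `wipe`, `WipeOnDrop`, `nul_terminated_copy` and `toy_digest` are hypothetical names, and the NUL-terminated copy is an assumed shape for the password buffer.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Zero the Vec's whole allocation (capacity, not just len), then empty it.
fn wipe(buf: &mut Vec<u8>) {
    let (p, cap) = (buf.as_mut_ptr(), buf.capacity());
    for i in 0..cap {
        // SAFETY: p..p+cap lies inside the Vec's own allocation.
        // Volatile stores are not removed as dead writes before the free.
        unsafe { ptr::write_volatile(p.add(i), 0) };
    }
    // Keep the compiler from reordering the stores past this point.
    compiler_fence(Ordering::SeqCst);
    buf.clear();
}

/// Owns a secret buffer and wipes it on every exit path that runs
/// destructors (normal return, early return, unwinding panic).
struct WipeOnDrop(Vec<u8>);

impl Drop for WipeOnDrop {
    fn drop(&mut self) {
        wipe(&mut self.0);
    }
}

/// NUL-terminated copy of the password (assumed buffer shape).
/// Capacity is reserved up front: a Vec that reallocates while
/// growing leaves an unwiped copy behind in the old allocation.
fn nul_terminated_copy(password: &[u8]) -> Vec<u8> {
    let mut v = Vec::with_capacity(password.len() + 1);
    v.extend_from_slice(password);
    v.push(0);
    v
}

/// Constructed stand-in for the hash function (FNV-1a), NOT bcrypt.
fn toy_digest(data: &[u8]) -> u64 {
    data.iter()
        .fold(0xcbf29ce484222325_u64, |h, &b| (h ^ b as u64).wrapping_mul(0x100000001b3))
}

fn hash_with_wipe(password: &[u8]) -> u64 {
    let copy = WipeOnDrop(nul_terminated_copy(password));
    toy_digest(&copy.0) // `copy` is dropped, and wiped, when this returns
}

fn main() {
    println!("{:016x}", hash_with_wipe(b"constructed sample password"));
}
```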

Keats commented 2 years ago

Thanks!

typetetris commented 2 years ago

You're welcome!