Closed sonder-joker closed 2 years ago
Good catch.
Zeroing keys is technically not required, but a good practice against cold boot attacks.
Maybe we can unconditionally zero the buffer after pull()
succeeds. ArrayOutput
values are always small, so it shouldn't be a big performance hit.
Thank you!
I notice rust implementation would zero symmetric key after destory. However, when it export
It will stay in memory after
pull()
. It this safe? If not safe, should wezeroed
memory inArrayoutput
or more detail (like Arrayoutput for key)? @jedisct1