stackinspector
commented
1 year ago Do the [u64; 5] buffer used in the keccak function need to be zeroized on drop if using in sensitive cases? The version I forked and heavily modified implements zeroize on drop, and I have no idea about this.
Zeroize while dropping prevents accidental leakage of keccak state, which helps improve security when used in sensitive cases such as stream ciphers. Most of RustCrypto's cryptography projects have optional zeroize support. Despite the original intent of the library seems to be as tiny as possible, I don't think adding an optional support significantly bloats it.