Secure Deletion of Keys and Passwords

micchickenburger / cryptotools

A versatile cryptographic tool for data hashing, encryption, decryption, digital signing, password security, and secure random number generation, entirely in the browser.

https://cryptotools.dev

GNU General Public License v3.0

3 stars 1 forks source link

Secure Deletion of Keys and Passwords #14

Open micchickenburger opened 11 months ago

micchickenburger commented 11 months ago

In JavaScript, there is no control over garbage collection. There is some thought that one could overwrite a TypedArray with zeros or random values to overwrite a secret in memory. Before implementing this, however, I would like to verify that this is actually the case (not just that a new TypedArray is created in memory with the new values and the old array is dereferenced and scheduled for deletion by the garbage collector, for instance.)

micchickenburger commented 7 months ago

you could implement a custom virtual dom and an input component yourself. hook into the keypress events and update/append to a buffer with the key pressed, and immediately overwrite the vdom before it can be GC'd, then overwrite the buffer when you're done with it.

From #43