Consider using Memguard to protect secrets

otrv4 / ed448

A golang implementation of Ed448-Goldilocks. This is a mirror of https://bugs.otr.im/otrv4/ed448

GNU General Public License v3.0

40 stars 7 forks source link

Consider using Memguard to protect secrets #5

Open olabini opened 5 years ago

olabini commented 5 years ago

It seems https://github.com/awnumar/memguard might help us deal with buffers and so on of data that we will need to be careful with, and wipe. This is not perfect, but might be better than not doing anything.

odiferousmint commented 5 years ago

Thank you! I just made the suggestion here: https://github.com/golang/go/issues/25355?ts=2#issuecomment-527240055. It would be neat to have memguard used throughout the entire crypto library.

I would like to mention this book: https://www.schneier.com/books/cryptography_engineering/. It has a few sections dedicated to these kind of issues. It is under the chapter "Implementation Issues". Definitely worth a read.