Open simonsan opened 1 year ago
This should be already done in the crypto crates, i.e. aes256ctr_poly1305aes.
However, you are right - this holds for the AES and MAC key, but not for the password given by the user. There might be also other sensitive information like connection parameters.
Actually, this is not yet done in aes256ctr_poly1305aes. So this should be also an issue there...
https://crates.io/crates/secrecy
related: https://github.com/rustic-rs/rustic/issues/534