Closed Absolucy closed 3 years ago
Thanks for your suggestion.
I don't think this is a good idea, as it provides a false sense of security. Many of the primitives included make copies of secret (parts of) states on the stack, all of which would not be covered or protected by zeroize
. This especially holds for schemes like where the secret is mostly just a seed that's later expanded into eg. a lattice. Even though that's all on the much more volatile stack than the heap, where the simple_struct!
defined macros might be moved to, we should not give the impression that you don't need the memory isolation provided by the operating system to keep secret memory values secure.
So I'm closing this PR, but if you have a convincing argument/use case that does motivate a need I'd be happy to hear it and reopen this PR.
This adds a
zeroize
feature to all crates, which enabled, implementszeroize::Zeroize
on all structs made via thesimple_struct!
macro - which is most public/private key structs, allowing for secure (won't be optimized out) zeroization for all in-memory keys.