KeePassDiceware
KeePassDiceware copied to clipboard
Shouldn't the string Generate function use ProtectedStrings?
string Generate(Options options, PwProfile profile, CryptoRandomStream random) uses normal Strings to generate a Diceware password.
However, it is used in an override that expects a ProtectedString and there a non-protected string is returned [return new ProtectedString(false, result);]
So the chosen Diceware words are plain to read from memory. I think ProtectedStrings should be used as much and as soon as possible and the normal strings should be zeroed as soon as possible.