Evgeny Kurnevsky
Looks like `NewAead::new` should take key by value, otherwise it won't be zeroed properly.
Yeah, looks like you are right. So this means currently there is no way to use `aead` ciphers safely if you don't zero memory manually...
I actually had in mind a case when we need to create `aead` from `rng`, with no need to store the key anywhere except memory. The only way to do...
On second thought, if a key is stored on the stack then it'll likely be moved, and `drop` won't help in this case. So probably we shouldn't care that...
> That would still be a move which would copy the key to within the struct.

Actually it won't, because this struct is a simple wrapper. The only case I...
Found a blog post on this here: https://benma.github.io/2020/10/16/rust-zeroize-move.html And since `aead` stores data on the stack, it is applicable to it as well.
> How about putting this into tox monorepo?

Agree, it would simplify things.
> -m state --state NEW -m tcp

It makes sense only if we allow `related` and `established` states somewhere else.

> iptables -A OUTPUT -p udp --dport 33445 -j ACCEPT...
Also, these rules should be applied for both IPv4 and IPv6 via `iptables` and `ip6tables`.
> The main drawback of this approach is that it violates the subcommand semantics: config is not an action.

It can be considered as action "read config and run node",...