Evgeny Kurnevsky

Results 130 comments of Evgeny Kurnevsky

Looks like `NewAead::new` should take key by value, otherwise it won't be zeroed properly.

Yeah, looks like you are right. So this means currently there is no way to use `aead` ciphers safely if you don't zero memory manually...

I actually had in mind a case when we need to create `aead` from `rng`, with no need to store the key anywhere except memory. The only way to do...

On second thought, if a key is stored on the stack then it'll likely be moved, and `drop` won't help in this case. So probably we shouldn't care that...

> That would still be a move which would copy the key to within the struct.

Actually it won't, because this struct is a simple wrapper. The only case I...

Here, found a blog post on this: https://benma.github.io/2020/10/16/rust-zeroize-move.html And since `aead` stores data on the stack, it's applicable to it as well.

> How about putting this into tox monorepo?

Agree, it would simplify things.

> -m state --state NEW -m tcp

It makes sense only if we allow `related` and `established` states somewhere else.

> iptables -A OUTPUT -p udp --dport 33445 -j ACCEPT...

Also, these rules should be applied for both IPv4 and IPv6 via `iptables` and `ip6tables`.

> The main drawback of this approach is that it violates the subcommand semantics: config is not an action.

It can be considered as action "read config and run node",...