rustic_core

Implement zeroing memory for Password and other privacy/security related things

Open simonsan opened this issue 2 years ago • 2 comments

Trait: Zeroize: Securely zero memory with a simple trait (Zeroize) built on stable Rust primitives which guarantee the operation will not be “optimized away”.

```rust
use secrecy::{CloneableSecret, DebugSecret, ExposeSecret, Secret, Zeroize};

pub struct Password(String);

impl Zeroize for Password {
    fn zeroize(&mut self) {
        self.0.zeroize();
    }
}

impl DebugSecret for Password {}
impl CloneableSecret for Password {}

/// Our Secret Password
pub type SecretPassword = Secret<Password>;
```

https://crates.io/crates/secrecy

related: https://github.com/rustic-rs/rustic/issues/534

simonsan, Jun 06 '23 06:06
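An added example, not part of the issue and not rustic_core code: a std-only sketch of the kind of stable primitives the `Zeroize` description in the issue refers to (volatile stores plus a compiler fence), combined with wipe-on-drop and a redacted `Debug`. The methods on `Password` and the `demo` function are hypothetical names, and the secret is a constructed sample; production code would use the `zeroize` and `secrecy` crates instead.

```rust
use std::sync::atomic::{compiler_fence, Ordering};
use std::{fmt, ptr};

/// Hypothetical std-only stand-in for the issue's `Password` (not rustic_core code).
pub struct Password(String);

impl Password {
    pub fn new(s: String) -> Self { Password(s) }
    pub fn expose(&self) -> &str { &self.0 }

    /// Overwrite the whole allocation (capacity, not just len), then truncate.
    pub fn zeroize(&mut self) {
        let buf = unsafe { self.0.as_mut_vec() };
        let (p, cap) = (buf.as_mut_ptr(), buf.capacity());
        for i in 0..cap {
            // Volatile store: the compiler may not drop it as a dead write.
            unsafe { ptr::write_volatile(p.add(i), 0u8) };
        }
        compiler_fence(Ordering::SeqCst); // no compiler reordering across the wipe
        buf.clear();
    }
}

impl Drop for Password {
    fn drop(&mut self) { self.zeroize(); }
}

impl fmt::Debug for Password {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Password([REDACTED])")
    }
}

/// Returns (Debug output, length after wipe, bytes left in the allocation).
pub fn demo() -> (String, usize, Vec<u8>) {
    let mut s = String::with_capacity(64); // pre-sized: growth would leave an unwiped copy
    s.push_str("correct horse battery staple"); // constructed sample secret
    let mut pw = Password::new(s);
    let dbg = format!("{:?} exposes {} bytes", pw, pw.expose().len());
    pw.zeroize();
    let v = unsafe { pw.0.as_mut_vec() };
    let left = unsafe { std::slice::from_raw_parts(v.as_ptr(), v.capacity()) }.to_vec();
    (dbg, pw.0.len(), left)
}

fn main() {
    let (dbg, len, left) = demo();
    println!("{} | len={} | all zero: {}", dbg, len, left.iter().all(|b| *b == 0));
}
```

The wipe only covers the current heap buffer: copies made before wrapping (a reallocated `String`, a CLI argument, an environment variable) are outside its reach and need the same treatment at their source.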

This should already be done in the crypto crates, i.e. aes256ctr_poly1305aes.

However, you are right - this holds for the AES and MAC key, but not for the password given by the user. There might also be other sensitive information like connection parameters.

aawsome, Jun 07 '23 05:06

Actually, this is not yet done in aes256ctr_poly1305aes. So this should also be an issue there...

aawsome, Jul 05 '23 22:07