evp: simplify overall logic #12
Conversation
|
Good to merge @calvinmetcalf, I'm not sure if travis has run though, so if you could just test it locally before merge please (not at my PC right now, did this through the GitHub interface). |
|
|
||
| // zero the temporary buffer | ||
| buffer.fill(0) |
There was a problem hiding this comment.
I understand the reasoning for this, but can we even make the guarantee that the key won't be around in some other buffer?
There was a problem hiding this comment.
This doesn't make us less secure and hopefully at least lowers the number of places in memory the key sits and makes it less likely for somebody to recover it
There was a problem hiding this comment.
Sure, I'm just trying to ensure we don't give off any false assertions, this could very easily still be in memory.
There was a problem hiding this comment.
yeah we could leave a comment
On Wed, May 20, 2015 at 9:59 AM Daniel Cousens notifications@github.com
wrote:
In EVP_BytesToKey.js
#12 (comment)
:\ No newline at end of file
+
- // zero the temporary buffer
- buffer.fill(0)
Sure, I'm just trying to ensure we don't give off any false assertions,
this could very much still be in memory.—
Reply to this email directly or view it on GitHub
https://github.com/crypto-browserify/parse-asn1/pull/12/files#r30703967.
|
Sorry @calvinmetcalf this probably shouldn't have been merged. Can you please still verify. Also, if |
Just a passing refactor