Fill BlindingFactor with zeros on Drop #2847
Conversation
|
We use |
antiochp
added
the
release notes
|
FYI, The better way to implement it is using the Pin struct or just putting it in a smart pointer(i.e Box) so that only the pointer will be copied and not the data itself |
|
@elichai could you elaborate on why drop is not called when a cloned value gets out of its scope? |
|
@hashmap because semantically when you pass something by value it's not dropped. |
|
@elichai 👍
Could you please also demo this in your example? |
|
@garyyu With Box: https://play.rust-lang.org/?gist=26f5b9609348f4b6e287bf808ab0161a The problem is that even though it works it's not guaranteed, Wrapping the Box in Pin guarantees it (e.g. https://play.rust-lang.org/?gist=3a3fabc5c44b3017b64dee1d22169d45 ) |
|
Maybe we could also use mlock to prevent paging to disk? |
|
I think that paging is a whole different conversation that deserves its own issue |
👍 Thanks, now I understand. Would you mind to submit PRs to fix this? |
This is a first (and probably naïve) step towards security of sensitive data such as
BlindingFactor.In response to #2218. Cleaning of
secp'sSecretKeyand wallet's mnemonic should be done in corresponding modules.This PR:
Zeroizederive forBlindingFactorin a way that underlying byte array is filled with zeroesCopyderive fromBlindingFactorsince it is impossible to implement bothDropandCopyat the same time. All implicit copying were replaced with more explicit.clone()BlindingFactorzeroingSome references:
dalek-cryptography/curve25519-dalek#11
rust-lang/rfcs#2533
https://www.youtube.com/watch?v=cQ9wTyYCdNU
Feedback is highly appreciated!