Wipe sensitive data after its use
GGP1 authored and GGP1 committed Feb 26, 2023
1 parent f3c838c commit f4b14c2
Showing 2 changed files with 18 additions and 2 deletions.
12 changes: 11 additions & 1 deletion passphrase.go
Expand Up @@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"math"
"runtime"
"unicode/utf8"
)

Expand Down Expand Up @@ -87,7 +88,16 @@ func (p *Passphrase) generate() ([]byte, error) {
p.excludeWords()
}

return bytes.Join(p.words, []byte(p.Separator)), nil
passphrase := bytes.Join(p.words, []byte(p.Separator))
// Wipe sensitive data
for i := range p.words {
for j := range p.words[i] {
p.words[i][j] = 0
}
}
// Keep buf alive so preceding loop is not optimized out
runtime.KeepAlive(p.words)
return passphrase, nil
}

func (p *Passphrase) validateParams() error {
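Review bot: The wipe of `p.words` runs only on the success path, immediately before `return passphrase, nil`. The body of generate() starts above this hunk, so any earlier error return there would presumably skip it and leave the words in memory. Moving the zeroing loop into a `defer func() { ... }()` at the top of the function would cover every exit, and `bytes.Join` has already copied the result by the time the deferred wipe runs. It is also worth confirming that no element of `p.words` aliases a shared word list, since zeroing it in place would then corrupt that list for later calls. The comment refers to `buf`, which does not exist here; something like `// Keep p.words reachable past the zeroing loop above` would be accurate. Both the success-path-only wipe and the stale `buf` comment also apply to the `p.pool` wipe in password.go.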
8 changes: 7 additions & 1 deletion password.go
Expand Up @@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"math"
"runtime"
"strings"
)

Expand Down Expand Up @@ -69,7 +70,12 @@ func (p *Password) generate() ([]byte, error) {

password := p.buildPassword()
password = p.sanitize(password)

// Wipe sensitive data
for i := range p.pool {
p.pool[i] = 0
}
// Keep buf alive so preceding loop is not optimized out
runtime.KeepAlive(p.pool)
return password, nil
}

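Review bot: Only `p.pool` is zeroed here. The slice returned by `p.buildPassword()` is reassigned by `password = p.sanitize(password)`, and if sanitize returns a new backing array (not visible in this hunk) the pre-sanitize copy of the password is left unwiped. If so, keep the first slice in its own variable and zero it once sanitize has returned a different buffer. The zeroed pool also keeps its length, so if generate() does not rebuild the pool on each call, adding `p.pool = nil` after the loop would stop a reused Password from drawing characters from zero bytes. A doc comment on generate() stating that the caller owns the returned slice and is responsible for wiping it would make the remaining exposure explicit.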
