You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
The finalizing function of hash algorithms doesn't clean up their previously used buffers, as a result, anyone is able to read the data from the context. This is a bad thing as if it's being used to create private hashes, it might be possible that someone can snoop the context and retrieve the hash later.
A small solution would be purging everything with explicit memset function after calling the final function, and only keeping the hash to its target location.
Something like: memset(ctx, 0, sizeof(*ctx)); at the end of the final function.
The text was updated successfully, but these errors were encountered:
Hello,
The finalizing function of hash algorithms doesn't clean up their previously used buffers, as a result, anyone is able to read the data from the context. This is a bad thing as if it's being used to create private hashes, it might be possible that someone can snoop the context and retrieve the hash later.
A small solution would be purging everything with explicit memset function after calling the final function, and only keeping the hash to its target location.
Something like:
memset(ctx, 0, sizeof(*ctx));at the end of the final function.The text was updated successfully, but these errors were encountered: