You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A friend of mine pointed to this security issue, though it's not very likely to happen.
Having passwords leak into swap memory is a potential security risk, as swap memory is open to more attack vectors than RAM is. The following module has a way of keeping certain parts in RAM via C functions and malloc, ForeignPtrs, etc.
EDIT: after mlock is also implemented, that's something they're still working on, apparently
This will need a lot of testing to make sure nothing crashes etc. But is a nice to have at some point.
EDIT: We're probably not gonna be able to keep everything out of swap memory anyway, since we need Haskell ByteStrings to use the cryptonite functions (or if passwords come in through JSON, it's already potentially in there). So this might just keep it out of swap memory a.m.a.p.
Definitely needs an effort vs. gain analysis.
The text was updated successfully, but these errors were encountered:
A friend of mine pointed to this security issue, though it's not very likely to happen.
Having passwords leak into swap memory is a potential security risk, as swap memory is open to more attack vectors than RAM is.
The following module has a way of keeping certain parts in RAM via C functions and
malloc
,ForeignPtr
s, etc.EDIT: after
mlock
is also implemented, that's something they're still working on, apparentlyThis will need a lot of testing to make sure nothing crashes etc. But is a nice to have at some point.
EDIT: We're probably not gonna be able to keep everything out of swap memory anyway, since we need Haskell
ByteString
s to use thecryptonite
functions (or if passwords come in through JSON, it's already potentially in there). So this might just keep it out of swap memory a.m.a.p.Definitely needs an effort vs. gain analysis.
The text was updated successfully, but these errors were encountered: