by pornel 3911 days ago
My guesses:

- ability to reliably erase memory that held passwords/keys with assurance it wasn't copied accidentally. AFAIK Python doesn't guarantee zeroing of freed memory.

- type safety, error handling enforced by the type system, and race-condition-free concurrency might be an extra assurance.


Can you reliably erase memory? You can't even do that in pure C in a cross platform way currently. I'd be surprised if rust offered this...

http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buf...

Hey,

I'm the author of KeePassC and yes, these are the main reasons to write KeePassC anew in Rust. I had a private repo with a C implementation, however after a friend pointed me to Rust I decided to give it a try and was immediately fascinated. The reason for the rewrite in Rust is _not_ that I'm unconvinced by the original project.

There are some problems though, as stated in another post, especially with this write_bytes thing. But I'm working on this.

What makes you think there's a reliable way to zero memory in Rust?
The fact that a systems programming language must have a way to do this, and Rust sort of has (it'd be better if it were a stable API though):

https://doc.rust-lang.org/core/intrinsics/fn.volatile_set_me...

I know it's very tricky in presence of an optimizer. The current implementation in KeePassC uses the pointer after memset in Drop, so it might be just lucky (https://github.com/raymontag/rust-keepass/issues/4).
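The pattern the thread is circling around, zeroing a secret in Drop with stores the optimizer may not discard, written out here as an added example (not KeePassC's code and not from the thread); it uses stable `std::ptr::write_volatile` plus a compiler fence instead of the unstable `volatile_set_memory` intrinsic, and the `Secret` type and its methods are assumed names:

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite every byte with zero using volatile stores. A plain
/// `write_bytes`/memset on memory that is never read again is a dead
/// store the optimizer may legally delete; volatile stores are not.
pub fn zeroize(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, exclusive reference to one byte.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Keep the compiler from moving later code ahead of the stores.
    compiler_fence(Ordering::SeqCst);
}

/// Owns a secret and zeroes it in place before the buffer is freed.
/// (Assumed type.) It never grows the Vec, because a reallocation would
/// leave an un-zeroed copy behind, the "copied accidentally" problem.
pub struct Secret {
    bytes: Vec<u8>,
}

impl Secret {
    pub fn new(bytes: Vec<u8>) -> Self {
        Secret { bytes }
    }
    pub fn expose(&self) -> &[u8] {
        &self.bytes
    }
    /// True when every byte is zero; used to check `zeroize`.
    pub fn is_zeroed(&self) -> bool {
        self.bytes.iter().all(|&b| b == 0)
    }
}

impl Drop for Secret {
    fn drop(&mut self) {
        // Runs before Vec's own Drop frees the allocation.
        zeroize(&mut self.bytes);
    }
}

fn main() {
    // Constructed sample secret.
    let s = Secret::new(b"correct horse battery staple".to_vec());
    println!("secret in use, {} bytes", s.expose().len());
    // `s` goes out of scope here; Drop zeroes the buffer, then frees it.
}
```

This only covers the heap buffer the type owns; copies spilled to registers or the stack by the compiler, which the thread also raises, are outside what any library code can reach.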

I think you could just use black_box to get around the optimizer:

http://doc.rust-lang.org/1.1.0/test/fn.black_box.html

I've never actually tried it outside of tests, so I don't know if it applies here.

There is no such way in _C_.

C only promises the behavior of the C abstract machine. Data will randomly get spilled from registers into random places on the stack where you may be completely unable to reach them to zeroize them.

All you can do is best effort in C; I wouldn't expect Rust to be better here.

Is this such a thing:

https://github.com/raymontag/rust-keepass/blob/2b7b701b69541...

    unsafe { ptr::write_bytes(self.encrypted_string.as_ptr() as *mut c_void, 0u8, self.encrypted_string.len()) };

?
Python has ctypes, which allows one to access (almost) any OS-specific API for secured memory storage, like gcry_malloc_secure or CryptProtectMemory.