Show HN: Shrouded, secure memory management in Rust

Y	Hacker News new \| ask \| show \| jobs

Show HN: Shrouded, secure memory management in Rust (github.com)

5 points by mhluongo 83 days ago

Hi HN!

I've been building a project that handles high-value credentials in-process, and I wanted something more robust than just zeroing memory on drop. A comment on a recent Show HN[0] made me realize that awareness of lower-level memory protection techniques might not be as widespread as I thought.

The idea here is to pull out all the tools in one crate, with a relatively simple API. * mlock/VirtualLock to prevent sensitive memory from being swapped (eg the KeePass dump) * Core dump exclusion using MADV_DONTDUMP on Linux & Android * mprotect to minimize exposure over time * Guard pages to mitigate under/overflows

After some battle testing, the goal here is to provide a more secure memory foundation for things like password managers and cryptocurrency wallets.

This was a fun project, and I learned a lot - would love any feedback!

[0] - https://news.ycombinator.com/item?id=47073430