by tedunangst
4302 days ago
In light of the current discussion, it's hard to make such a clean distinction. Your private key is going to be stored in a file that goes through the PEM and ASN.1 parsers. It's going to hang around for a bit while you sign stuff (using some sweet asm code), but now you need to dispose of it. The object lifetime is often much longer than we'd like even with perfect zeroing, and there are some ways to address that, but it casts a long "shadow" on the call graph, not all of which can be made minimal. In short: imperfect buffer zeroing probably reduces risk enough that it drops below several other concerns.
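The point about parser copies outliving the key object, as an added example that is not part of the original comment: a toy two-stage loader (hex decoding standing in for PEM, a two-byte TLV header standing in for ASN.1) writes its intermediates to a visible scratch arena, so the residue left after the key itself is wiped can be counted. All names and the sample key are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 16
#define ARENA_LEN 128
/* Constructed sample: tag 0x04, length 0x10, then a 16-byte dummy key. */
const char SAMPLE_HEX[] = "0410a0a1a2a3a4a5a6a7a8a9aaabacadaeaf";

/* Constructed stand-in for parser scratch memory (heap/stack in real code). */
struct arena { unsigned char buf[ARENA_LEN]; size_t used; };

/* Zero through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Toy pipeline: hex text -> TLV bytes (stage 1) -> payload copy (stage 2) -> key.
   Returns 0 on success; wipe_scratch selects whether the stages clean up. */
int load_key(struct arena *a, const char *hex, unsigned char key[KEY_LEN], int wipe_scratch) {
    size_t n = strlen(hex) / 2;
    if (strlen(hex) % 2 || n != KEY_LEN + 2 || a->used + n + KEY_LEN > ARENA_LEN) return -1;
    unsigned char *tlv = a->buf + a->used;   /* stage 1 buffer */
    unsigned char *payload = tlv + n;        /* stage 2 buffer */
    a->used += n + KEY_LEN;
    int rc = 0;
    for (size_t i = 0; i < n && rc == 0; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) rc = -1; else tlv[i] = (unsigned char)(hi << 4 | lo);
    }
    if (rc == 0 && (tlv[0] != 0x04 || tlv[1] != KEY_LEN)) rc = -1;
    if (rc == 0) { memcpy(payload, tlv + 2, KEY_LEN); memcpy(key, payload, KEY_LEN); }
    if (wipe_scratch || rc != 0) secure_wipe(tlv, n + KEY_LEN);
    return rc;
}

/* Count copies of `secret` still readable in the scratch arena. */
size_t residual_copies(const struct arena *a, const unsigned char secret[KEY_LEN]) {
    size_t hits = 0;
    for (size_t i = 0; i + KEY_LEN <= a->used; i++)
        if (memcmp(a->buf + i, secret, KEY_LEN) == 0) hits++;
    return hits;
}
```

Wiping only the final `key` buffer leaves one copy per parser stage in scratch memory; the count drops to zero only when every stage in the call graph wipes its own intermediates.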