Security in Cancel-Lock password handling (secrets.conf)
Perry E. Metzger
perry at piermont.com
Tue Oct 5 01:56:50 UTC 2021
On 10/4/21 17:25, Russ Allbery wrote:
> Julien ÉLIE <julien at trigofacile.com> writes:
>
>> 1/ Can secrets.conf remain in memory (in a struct) or should it be
>> loaded, used, erased with explicit_bzero() and freed for each article
>> injection?
> In general I'm dubious of the utility of trying to wipe secrets from
> memory and Cryptography Engineering generally recommends against bothering
> because there are so many ways to fail, but if it's easy enough to do, I
> suppose it can't hurt. (That was the same principle under which I added
> the explicit_bzero calls to my pam-krb5 module.)
>
I'm a big believer in not adding mitigations that don't actually fit a
particular well defined security model.
Perry
More information about the inn-workers
mailing list