Security in Cancel-Lock password handling (secrets.conf)

Perry E. Metzger perry at piermont.com
Tue Oct 5 01:56:50 UTC 2021


On 10/4/21 17:25, Russ Allbery wrote:
> Julien ÉLIE <julien at trigofacile.com> writes:
>
>> 1/ Can secrets.conf remain in memory (in a struct) or should it be
>> loaded, used, erased with explicit_bzero() and freed for each article
>> injection?
> In general I'm dubious of the utility of trying to wipe secrets from
> memory and Cryptography Engineering generally recommends against bothering
> because there are so many ways to fail, but if it's easy enough to do, I
> suppose it can't hurt.  (That was the same principle under which I added
> the explicit_bzero calls to my pam-krb5 module.)
>
I'm a big believer in not adding mitigations that don't actually fit a 
particular well defined security model.

Perry




More information about the inn-workers mailing list