Skip to content
Snippets Groups Projects
Select Git revision
  • replace_gradle_witness
  • fix_nonlocalized_timestamp
  • fileStorage
  • implement-chunking
  • upgrade_roboletric_to_401
  • master default
  • implement-mailbox-contact-sessions
  • 541-faster-retransmission-eta
  • add_special_purpose_contacts
  • mailbox-b
  • mailbox
  • mailbox-jd
  • implement_mailbox_connection_manager
  • 1343-vanniktech-emoji
  • 541-allow-retransmission-if-faster
  • asp-temp
  • fix_performance_test_db
  • 514-allow-retransmissions-using-lower-latency-transports
  • implement-SyncSession-writer-error-handling
  • add_special_purpose_contacts_refactored
  • beta-0.16.16
  • beta-0.16.10
  • beta-0.16.11
  • beta-0.16.12
  • beta-0.16.13
  • beta-0.16.14
  • beta-0.16.15
  • beta-0.16.9
  • beta-0.16.1
  • beta-0.16.2
  • beta-0.16.3
  • beta-0.16.4
  • beta-0.16.5
  • beta-0.16.6
  • beta-0.16.7
  • beta-0.16.8
36 results
Compare
Forked from briar / briar
6067 commits behind the upstream repository.
user avatar
Don't try to erase secrets from memory.
akwizgran authored 
1. The things we're really trying to protect - contact identities,
message contents, etc - can't be erased from memory because they're
encapsulated inside objects we don't control.

2. Long-term secrets can't be protected by erasing them from memory
because they're stored in the database and the database key has to be
held in memory whenever the app's running.

3. If the runtime uses a compacting garbage collector then we have no
way to ensure an object is erased from memory.

4. Trying to erase secrets from memory makes the code more complex.

Conclusion: Let's not try to protect secrets from an attacker who can
read arbitrary memory locations.
358166bc
History
user avatar 358166bc
History