What is insecure about it? Also I have started looking at your Noscrypt. Sick work. Wish more people used it.
(Tempted to make python bindings)
When you find out that Bitcoin-Core devs just learned about memset being "insecure" by most compilers by default.
https://github.com/bitcoin-core/secp256k1/compare/v0.5.1...v0.6.0
Noscrypt has used platform "secure" memset since it's inception:
https://git.vaughnnugent.com/cgit/vnuge/noscrypt.git/tree/src/nc-crypto.c#n197
Discussion
Please do! I want to have support for many languages in the future
The issues is that on my most *nix platforms the `memset(ptr, size);` call gets optimized away because there is no read after write. So it's considered insecure. Along with that both the cl.exe and cc compilers treat volatile argument pointers differently and they even disagree heavily about when to use volatile pointers either as arguments or even in the procedure body. Really the only right way is to look at the assembly after you compile your project to see if there are instructions to wipe the buffer correctly.
one of the many innovations of #golang over C
everything is wiped at allocation AND on free
ok tbh i'm not sure about at free... most golang signature and encryption implementations include a step at the end of stuff where they write zeroes to each byte/word of the memory of the objects
i think someone wrote a nice memfence thing also which triggers an interrupt when nearby memory is accessed
if they made the GC zero the memory at free that would be awesome... but i can see why it might not be... they should add a flag or something for sensitive values so they are definitely zeroed, that would put Go above all
Yeah I mean it's only useful in certain conditions like secrets. Clearing the stack with fencing is SLOW as fuck like 1000s of CPU cycles to write back to physical memory, often blocking other threads, and dealing with kernel preemption. That's a massive slowdown. Were willing to take the massive performance hit for secrets though.
Probably 100,000s of cpu cycles
That's wild.