proposal: runtime: add SecureErase and MarkSecureEraseOnFinalize functionality #44018
Labels: FrozenDueToAge, Proposal, Proposal-Crypto (Proposal related to crypto packages or other security issues)
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
This is not an issue, but instead a feature request.
While I can write my own SecureErase and SecureEraseOnFinalize, it would be fantastic if the runtime had a method to do this. (I could not find a method call that does the SecureErase part, though I can do it with some of the runtime components like KeepAlive or the Finalize component myself.)
What is being requested is to build this into the runtime as a feature. Developers can then erase any sensitive data to reduce the window of opportunity for a memory-dump analysis or a Heartbleed-style protocol attack. In other words, a way to minimize the time that a sensitive piece of information is available in memory.
What operating system and processor architecture are you using (go env)?
Linux
What did you do?
This is a feature ask.
What did you expect to see?
I would like a runtime.SecureErase(interface{}) and a runtime.MarkSecureEraseAtFinalize(interface{}) method to ensure zeroing of memory at explicit call time or zeroing of memory before GC.
What did you see instead?
I had to write this myself.
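A user-space sketch of the two behaviours requested above (wipe on explicit call, wipe before the GC frees the owner), added here as an example; it is not code from the issue author or the Go runtime. The names Secret, NewSecret, Erase and WipedByFinalizer are hypothetical, and the key string is constructed sample data.

```go
package main

import (
	"bytes"
	"fmt"
	"runtime"
	"time"
)

// Secret is a hypothetical wrapper (not a runtime API) owning one sensitive buffer.
type Secret struct {
	buf       []byte
	finalized chan struct{} // closed after the GC-triggered wipe has run
}

// NewSecret copies data into a private buffer and registers a wipe-before-free finalizer.
func NewSecret(data []byte) *Secret {
	s := &Secret{buf: append([]byte(nil), data...), finalized: make(chan struct{})}
	runtime.SetFinalizer(s, func(s *Secret) { s.Erase(); close(s.finalized) })
	return s
}

// Erase zeroes the buffer now; calling it again is harmless.
func (s *Secret) Erase() {
	for i := range s.buf {
		s.buf[i] = 0
	}
	runtime.KeepAlive(s) // s stays reachable until the last store, so the finalizer cannot overlap
}

func allZero(b []byte) bool { return bytes.Equal(b, make([]byte, len(b))) }

// WipedByFinalizer drops the last reference to a Secret and reports whether the
// finalizer zeroed the backing array, observed through an alias kept on purpose.
func WipedByFinalizer() bool {
	s := NewSecret([]byte("constructed-sample-key"))
	alias, finalized := s.buf, s.finalized // s itself is unreachable after this line
	for i := 0; i < 50; i++ {
		runtime.GC()
		select {
		case <-finalized:
			return allZero(alias)
		case <-time.After(20 * time.Millisecond):
		}
	}
	return false
}

func main() { fmt.Println("finalizer wiped buffer:", WipedByFinalizer()) }
```

Finalizers are not guaranteed to run before the program exits, so the explicit Erase call stays the primary control and the finalizer is only a backstop. The wrapper covers only the buffer it owns, not copies of the data made elsewhere.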