Importance of memory hygiene
Robert J. Hansen
rjh at sixdemonbag.org
Tue Mar 31 07:00:13 CEST 2026
> This actually leads to *another* possible problem that Claude seems to
> have missed: what precautions are you taking to ensure that the
> generator state and/or generated passwords do not appear in a core dump?
Internally, a 16384-glyph Vec::<char> buffer is maintained, and when a
password is generated the characters are pulled from the buffer. When
the buffer empties the contents are zeroized, a 12288-byte Vec::<u8> is
populated from the CSPRNG, base64ed to become the new buffer, and the u8
vector is zeroized. The glyph buffer is RAIIed to zeroize on a panic.
The CSPRNG is just Rust's ChaCha20 CSPRNG. I haven't dived into the
details of its implementation, but I do take the Rust Crypto team at
their word when they say it is a CSPRNG meant for security-sensitive
applications.
If you could force a core dump during the particular nanosecond there's
sensitive data in memory then it's possible you could recover sensitive
data. I begin to think even at my level of paranoia that it's a bit
excessive, though. :)
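As an added illustration of the buffer scheme described above (this is not the author's code): a dependency-free Rust sketch of a zeroize-on-drop glyph pool. The byte source is a stub LCG standing in for ChaCha20, and `zeroize` is a hand-rolled volatile wipe rather than the `zeroize` crate; both are assumptions made so it runs with the standard library alone.

```rust
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

const RAW_BYTES: usize = 12288;           // CSPRNG bytes per refill
const GLYPHS: usize = RAW_BYTES / 3 * 4;  // 16384 base64 glyphs per refill
const B64: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Volatile overwrite so the optimizer cannot drop the wipe as a dead store.
fn zeroize<T: Copy + Default>(buf: &mut [T]) {
    for x in buf.iter_mut() {
        // SAFETY: `x` is a valid, aligned, exclusively borrowed element.
        unsafe { write_volatile(x, T::default()) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// STUB byte source (hypothetical): a 64-bit LCG so the example runs offline.
/// A real generator would be ChaCha20 from the RustCrypto `rand_chacha` crate.
fn fill_random(out: &mut [u8], seed: &mut u64) {
    for b in out.iter_mut() {
        *seed = seed.wrapping_mul(6364136223846793005).wrapping_add(1442695040888963407);
        *b = (*seed >> 56) as u8;
    }
}

struct GlyphPool { glyphs: Vec<char>, next: usize, seed: u64 }

impl GlyphPool {
    // Capacity fixed up front so refills never reallocate (no stale copies).
    fn new(seed: u64) -> Self { GlyphPool { glyphs: Vec::with_capacity(GLYPHS), next: 0, seed } }
    fn remaining(&self) -> usize { self.glyphs.len() - self.next }
    fn refill(&mut self) {
        zeroize(&mut self.glyphs);            // wipe spent glyphs before reuse
        self.glyphs.clear();
        let mut raw = vec![0u8; RAW_BYTES];
        fill_random(&mut raw, &mut self.seed);
        for c in raw.chunks_exact(3) {         // base64 straight into the pool, no temp Vec
            let n = (c[0] as u32) << 16 | (c[1] as u32) << 8 | c[2] as u32;
            for i in 0..4 { self.glyphs.push(B64[((n >> (18 - 6 * i)) & 63) as usize] as char); }
        }
        zeroize(&mut raw);                     // u8 vector wiped before it is dropped
        self.next = 0;
    }
    fn password(&mut self, len: usize) -> String {
        (0..len).map(|_| {
            if self.remaining() == 0 { self.refill(); }
            self.next += 1;
            self.glyphs[self.next - 1]
        }).collect()
    }
}

impl Drop for GlyphPool {                      // RAII: also runs during a panic unwind
    fn drop(&mut self) { zeroize(&mut self.glyphs); }
}
```

The returned `String` is the caller's to wipe; this sketch only covers the pool and the raw byte vector.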