diff options
| author | Jakob Unterwurzacher | 2017-08-11 18:42:30 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-08-11 19:02:26 +0200 | 
| commit | 0c520845f3623eff28f0277a52e3ccffd928f5c2 (patch) | |
| tree | 82a3e0f8c55ae980d29e33b230954638229089c9 /tests/example_filesystems/v1.1-reverse/.gocryptfs.reverse.conf | |
| parent | f59479736bed49411bda3368f419d6605f1faa78 (diff) | |
main: purge masterkey from memory as soon as possible
Remove the "Masterkey" field from fusefrontend.Args because it
should not be stored longer than neccessary. Instead pass the
masterkey as a separate argument to the filesystem initializers.
Then overwrite it with zeros immediately so we don't have
to wait for garbage collection.
Note that the crypto implementation still stores at least a
masterkey-derived value, so this change makes it harder, but not
impossible, to extract the encryption keys from memory.
Suggested at https://github.com/rfjakob/gocryptfs/issues/137
Diffstat (limited to 'tests/example_filesystems/v1.1-reverse/.gocryptfs.reverse.conf')
0 files changed, 0 insertions, 0 deletions
