Hi there Rustafarians, There's a particular type I'd love to see in core Rust: a bytebuffer for crypto purposes which automatically provides what I'd call "good crypto hygiene". It'd do the following things:
- Avoid being paged out to swap by use of mlock/VirtualLock - Ensure it's zeroed out (and munlocked) after use (via RAII-style conventions?) - Be able to interact directly with the I/O layer so it's easy to get data in/out of these buffers without having to thunk it through a bunch of intermediate types that won't have these properties, i.e. it should be possible for me to read an encryption key from a file without going through a [u8] that wouldn't get locked/zeroed automatically. Why is it important to have a type like this in the Rust standard library? IMO, so all the cryptographic libraries in Rust can use the same type for this purpose and in doing so interoperate easily (i.e. I should be able to get a cryptographic key read from TLS and decrypted into one of these buffers and use it with another library while still ensuring everything will get locked/zeroed) It would also mean that anyone using Rust would have a lot easier time writing code with good crypto hygiene, at least if all the crypto libraries used it, because this type would take care of doing all of this sort of thing for you automatically. Most other languages completely punt on this problem. Can Rust do better? Is this the sort of thing that belongs in the Rust standard library? -- Tony Arcieri
_______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
