At any rate, note that what you are trying to do only provides some mitigation
and is far from a complete solution, because in practice you can't prevent
leakage of all confidential data in this way (what about hibernation while the
key is in memory? what about plaintext decrypted with the key?)
The only effective solution is to encrypt all storage including swap using
full-disk encryption, as well as all internal network links using IPsec or
similar, so that it doesn't matter if sensitive data is swapped, accidentally
written to files or communicated between servers.
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
