Unpopular opinion: it's not actually possible to selectively scrub secrets from memory in complex applications. You can zero all process memory, but I don't believe zeroing just secrets after use works. (Manually, without taint analysis.)
-
-
This is valid for general confidential data, but for signing keys they are the target data directly. And without PFS, keys can allow durable compromise. I agree overall, but key material is still a special target; a minimal place to start
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
Show additional replies, including those that may contain offensive content
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Seen that way, it should be clear that data
-ing is for everything.