Unpopular opinion: it's not actually possible to selectively scrub secrets from memory in complex applications. You can zero all process memory, but I don't believe zeroing just secrets after use works. (Manually, without taint analysis.)
-
-
Oh, I agree, I'm not saying we need to get better at scrubbing, I'm saying we need to stop doing it, and if it was actually important, find other solutions (like process isolation). (Something's wrong with Tweetdeck, sorry for the tweet-and-delete.)
-
Ah, ok! If it does matter: process isolate, mlock(), MMAP_DONTDUMP, and memset() *everything*, ideally scrubbing streams as they are flushed out. Hard and a painful performance hit and so rarely seen :(
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Seen that way, it should be clear that data
-ing is for everything.