Gallery
About
Hi HN!I've been building a project that handles high-value credentials in-process, and I wanted something more robust than just zeroing memory on drop. A comment on a recent Show HN[0] made me realize that awareness of lower-level memory protection techniques might not be as widespread as I thought.The idea here is to pull out all the tools in one crate, with a relatively simple API. * mlock/VirtualLock to prevent sensitive memory from being swapped (eg the KeePass dump) * Core dump exclusion using MADV_DONTDUMP on Linux & Android * mprotect to minimize exposure over time * Guard pages to mitigate under/overflowsAfter some battle testing, the goal here is to provide a more secure memory foundation for things like password managers and cryptocurrency wallets.This was a fun project, and I learned a lot - would love any feedback![0] - https://news.ycombinator.com/item?id=47073430
Comments (0)
No comments yet. Be the first to comment!
