proposal: securely wipe sensitive data from memory

[leonklingele]

This is a follow-up of https://groups.google.com/forum/#!topic/golang-nuts/sKQtvluD_So (from early 2013).

It would be nice to somehow wipe sensitive data from memory (e.g. a password/key, once it is no longer required). Is this idea already ruled-out? It looks like Cipher.Reset() was removed, as it couldn't guarantee to remove a key from memory.

[minux]

To really securely store and wipe memory, you need to mlock the page into memory so that it won't go into swap before storing into it. Clearing it is actually the easy part of this. Because you can't mlock a Go variable allocated from heap, you will have to manage your own memory with mmap. Why not write a go-gettable package for this to see how it goes? It's certainly non-trivial as one might expect (esp. because one has to manage the memory used to store sensitive material manually).

[bradfitz]

This isn't so much of a proposal as it is a wishlist item.

The Go proposal process is not about asking others to do design & implementation work.

I'm going to close this until there's an actual design proposal.

As @minux says, there are OS-specific things like mlock that would be necessary, and anything Go offers would be need to be done portably and available on all operating systems.

I'd prefer to see it done as an external library first, before brought into the Go core, especially since nobody working on the Go core has time for this at the moment.

If you would like to work on this, though, please re-open and provide a bit more of a proposal.

[leonklingele]

This library seems to the job.