|
Title: Password fan memory scraping risk mitigation Post by: clemahieu on November 04, 2015, 04:49:01 AM I put up a short blurb about a technique we use for mitigating the risk of memory scraping encryption keys. I haven't seen others do it, we call it a password fan. Basically we break apart the key in to a thousand or so separate places in memory and only reassemble it when actual signing needs to be done.
https://github.com/clemahieu/raiblocks/wiki/Password-fan It's trivial to implement, I thought others may want to copy the technique. |