Change PIN Parameter type from string to []byte #184
8000
Comments
|
regardless of 'keeping in memory' (i think there are some dirty tricks in go to remove a string more quickly), this would be a backward incompatible change, which would imply a v2, which isn't planned |
|
For go string i know trick. But currently, an additional copy of the value is created when passing it to C, and I’m not aware of any trick to avoid or clean up that one. Understood about v2 — but what about v3? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the PIN is passed as a string, making it impossible to legally overwrite the PIN in memory after use. When sensitive data like a PIN is passed as a string, it may remain in memory longer than necessary and could be exposed in a memory dump.
Proposal:
Change the PIN parameter type from string to []byte. This would allow the caller to manually zero out the PIN after use, improving control over sensitive data and aligning the library with secure coding practices.
Would the maintainers consider this change? I’d be glad to assist with implementation if needed.
The text was updated successfully, but these errors were encountered: