Created
May 14, 2026 01:20
-
-
Save randyap8-wq/f05f37c8fc54024670691a9a4b249f39 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| One remaining item | |
| ed25519-dalek missing the zeroize feature. | |
| toml# Cargo.toml | |
| ed25519-dalek = { version = "2.1.1", features = ["rand_core"] } | |
| ed25519-dalek exposes a zeroize feature that enables ZeroizeOnDrop for SigningKey — when the key is dropped it overwrites its memory before deallocation, so a heap dump or swap-file read can't recover it. Without it, the signing key bytes linger in process memory until the allocator happens to overwrite them. For a library that just added a key management section advising TPM-backed keys and short rotation windows, this is a conspicuous gap. | |
| The fix is one line: | |
| tomled25519-dalek = { version = "2.1.1", features = ["rand_core", "zeroize"] } | |
| No API changes needed — zeroize just adds a Drop impl to SigningKey. Low effort, meaningfully closes the threat surface that the key management doc section is designed to address. | |
| Standing limitations (documented, not unresolved) | |
| The equal-split sampling loop and the unshipped eBPF kernel object are both now clearly documented as design choices, not gaps. They're the right things to call out for operators rather than silently paper over. No action needed unless you later want to ship a reference eBPF probe or wire up the deterministic model as the loop default. | |
| The zeroize feature flag is the only real remaining action item. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment