Hacker News new | past | comments | ask | show | jobs | submit login
Hare language LWN thread: “how do I know if my keys will be stored securely?” (lwn.net)
26 points by jamespwilliams on May 2, 2022 | hide | past | favorite | 4 comments



What a mess of a thread. LWN charges for the privilege of engaging in these discussions, right?

This instance on LWN seems more toxic than the HN average. Unencouraging gatekeeper nonsense. What's the upside for SirCmp?


The tl;dr version:

Programmer: store this key securely Library: stores key on the heap Library maintainer: working as designed.


This is not really accurate, it stores keys as securely as it is able to. Also the heap is not inherently insecure - it depends on other factors such as network isolation, user permissions, containers and other kernel protections.

Many things like https and ssh servers store secrets on the heap when they are in use.


https://git.sr.ht/~sircmpwn/hare/tree/master/item/crypto/key...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: