feat: zeroize by lonerapier · Pull Request #61 · multifactor/MFKDF2.rs

lonerapier · 2025-12-03T19:10:44Z

closes #44

Changes:

zeroize for all structs with sensitive material
zeroize feature. turned on as default feature.
manual zeroize sensitive keys/secrets in methods.
- Uniffi doesn't allow Drop due to multiple copies of same buffer in FFI boundary conversions.
Replace factor specific secret, key types with compile-time checked ByteArray removing Vec<u8>.

* add cbc encryption for ooba target * use crate's inner trait method * add security warning

* add hint to integrity checks * add integrity check for add hint * verify policy integrity before hint checks

) clippy fixes

…type

lonerapier linked an issue Dec 3, 2025 that may be closed by this pull request

security: use zeroize to ensure sensitive memory values are erased #44

Open

lonerapier added 4 commits December 5, 2025 00:41

fix doctests

705f2c6

task: pin differential tests to specific commit (#58)

40635f8

fix(F7): CBC encryption for ooba target (#56)

84407e6

* add cbc encryption for ooba target * use crate's inner trait method * add security warning

fix(F6): hint entropy leak (#57)

f07a884

* add hint to integrity checks * add integrity check for add hint * verify policy integrity before hint checks

lonerapier force-pushed the fix/audit branch from 73d02d9 to 9d3b905 Compare December 4, 2025 19:32

lonerapier added 2 commits December 5, 2025 01:04

fix(F3): derive internal key and external key for domain separation (#59

83c0ac5

) clippy fixes

fix(F4): add docs for integrity

7a62f03

lonerapier force-pushed the fix/audit branch from 9d3b905 to 7a62f03 Compare December 4, 2025 19:35

lonerapier added 8 commits December 8, 2025 15:00

fix(hmacsha1): remove params from factor, add zeroize, accept impl …

9fc5dd6

…type

add zeroize for policy, derived key, policy_factor

580bc60

add zeroize for individual factors

34c258c

zeroize: derived key

ecbbbbf

bytearray and otpauth

2a2b4ac

add zeroize for setup and derive

db8c2bc

fix: uniffi types

326fb0d

suppress unused mut warning for not zeroize feature

e82c566

lonerapier force-pushed the feat/zeroize branch from 7921b77 to e82c566 Compare December 8, 2025 09:30

Base automatically changed from fix/audit to main April 20, 2026 21:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: zeroize#61

feat: zeroize#61
lonerapier wants to merge 14 commits intomainfrom
feat/zeroize

lonerapier commented Dec 3, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

lonerapier commented Dec 3, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant