Please do not reply to this email- if you want to comment on the bug, go to the URL shown below and enter your comments there.
Changed by [EMAIL PROTECTED] http://bugzilla.ximian.com/show_bug.cgi?id=82819 --- shadow/82819 2007-09-12 09:58:32.000000000 -0400 +++ shadow/82819.tmp.23234 2007-09-12 09:58:32.000000000 -0400 @@ -0,0 +1,27 @@ +Bug#: 82819 +Product: Mono: Class Libraries +Version: 1.2 +OS: +OS Details: +Status: NEW +Resolution: +Severity: +Priority: Cosmetic +Component: Mono.Security +AssignedTo: [EMAIL PROTECTED] +ReportedBy: [EMAIL PROTECTED] +QAContact: [EMAIL PROTECTED] +TargetMilestone: --- +URL: +Cc: +Summary: Context.ClearKeyInfo doesn't zero-out secret keys + +This could be considered not to be a bug by some, but the the +ClearKeyInfo method of the Mono.Security.Protocol.Tls.Context class +doesn't zero out the secret key information, leaving the keys in memory. + +I would erase secret data from memory as soon as possible, which means +adding code like this before setting the buffers to null: + +if (this.clientWriteKey != null) + Array.Clear(this.clientWriteKey, 0, this.clientWriteKey.Length); _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
