Go Proposal: Secret Mode
2 days ago
- #Cryptography
- #Memory safety
- #Go programming
- Go 1.26 introduces the experimental `runtime/secret` package to automatically erase memory used by sensitive functions.
- `secret.Do(func() {...})` ensures registers, stack, and heap allocations are zeroed out after function execution to prevent secret leaks.
- Primarily aimed at cryptographic library developers to enhance forward secrecy by securely erasing session keys and sensitive data.
- Limitations include platform support (linux/amd64, linux/arm64), no protection for global variables, and restrictions on goroutines within `secret.Do`.
- Example usage demonstrates encrypting data with an ephemeral key, where all intermediate sensitive states are automatically erased.
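
The ephemeral-key pattern from the last bullet, as an added example that is not code from the original page or from the Go project. `Seal`, `aead` and `plainDo` are hypothetical names; `plainDo` stands in for `secret.Do` so the file builds on any toolchain, and on Go 1.26 built with `GOEXPERIMENT=runtimesecret` (linux/amd64 or linux/arm64) you would pass `secret.Do` instead.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// plainDo has the signature of secret.Do but erases nothing. It is a stand-in
// so the example builds without the experiment; pass secret.Do in real use.
func plainDo(f func()) { f() }

// aead derives a one-time AES-256-GCM key from X25519; SHA-256 as the KDF is a simplification.
func aead(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	return cipher.NewGCM(block)
}

// Seal encrypts msg to peer. The private key, shared secret and AES key exist only
// inside do; the closure starts no goroutines, writes no globals, returns public values.
func Seal(do func(func()), peer *ecdh.PublicKey, msg []byte) (ephPub, ct []byte, err error) {
	do(func() {
		var priv *ecdh.PrivateKey
		var a cipher.AEAD
		if priv, err = ecdh.X25519().GenerateKey(rand.Reader); err != nil {
			return
		}
		if a, err = aead(priv, peer); err != nil {
			return
		}
		ephPub = priv.PublicKey().Bytes()
		ct = a.Seal(nil, make([]byte, a.NonceSize()), msg, nil) // zero nonce: key is used once
	})
	return
}

func main() {
	recv, _ := ecdh.X25519().GenerateKey(rand.Reader) // constructed receiver key
	pub, ct, err := Seal(plainDo, recv.PublicKey(), []byte("constructed sample"))
	fmt.Printf("ephemeral pub %x\nciphertext %x\nerr %v\n", pub, ct, err)
}
```

The receiver's long-term private key is outside the scope of this sketch: it outlives the call, so it is not something `secret.Do` would erase here.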