Skip to content

Botan::secure_vector<uint8_t> Vs. std::vector<uint8_t> #4453

Answered by reneme
nata11 asked this question in Q&A
Discussion options

You must be logged in to vote

Hi Nadeem,

as you found in the documentation, Botan::secure_vector uses a custom allocator that does two things:

  1. zeroize the memory on destruction
  2. try to lock the memory, so that the OS isn't swapping the underlying pages to disk

Both are defense-in-depth measures to avoid information disclosure on (e.g.) multi-tenant systems.

Primarily the keys are constructed using std::vector and IV is constructed using secure_vector.

This is indeed misleading and should be the other way round. In typical applications IVs don't have to remain secret, while keys should definitely be protected. Thanks for pointing this out, we'll work on our examples.

Essentially I am asking what are the use cases o…

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@nata11
Comment options

Answer selected by nata11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants