Rust data type suitable for storing sensitive information such as passwords and private keys in memory, featuring constant time equality, mlock and zeroing out. https://crates.io/crates/secstr


secstr

A Rust library that implements a data type (wrapper around Vec<u8> and other types) suitable for storing sensitive information such as passwords and private keys in memory. Inspired by Haskell securemem and .NET SecureString.

Featuring:

  • constant time comparison (does not short-circuit on the first differing character, but returns immediately if the strings have different lengths)
  • automatically zeroing out in the destructor using zeroize
  • mlock and madvise protection if possible
  • formatting as ***SECRET*** to prevent leaking into logs
  • (optionally) using libsodium (through sodiumoxide's libsodium-sys) for comparison, and hashing (std::hash::Hash)
  • (optionally) de/serializable into anything Serde supports as a byte string
  • (optionally) compile-time checked preconditions for the public unsafe API

Usage

use secstr::*;

let pw = SecStr::from("correct horse battery staple");

// Compared in constant time:
// (Obviously, you should store hashes in real apps, not plaintext passwords)
let are_pws_equal = pw == SecStr::from("correct horse battery staple".to_string()); // true

// Formatting, printing without leaking secrets into logs
let text_to_print = format!("{}", SecStr::from("hello")); // "***SECRET***"

// Clearing memory
// THIS IS DONE AUTOMATICALLY IN THE DESTRUCTOR
// (but you can force it)
let mut my_sec = SecStr::from("hello");
my_sec.zero_out();
// (It also sets the length to 0)
assert_eq!(my_sec.unsecure(), b"");

Be careful with SecStr::from: if you have a borrowed string, it will be copied.
Use SecStr::new if you have a Vec<u8>.
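
The semantics listed under "Featuring" (comparison without early exit, wiping on drop, redacted formatting), shown as an added std-only sketch that is not secstr's own code. The names Secret, wipe and ct_eq are hypothetical, the sample values are constructed, and mlock/madvise are not covered.

```rust
use std::fmt;
use std::hint::black_box;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical stand-in for a secret byte buffer; std-only, not secstr's code.
pub struct Secret(Vec<u8>);

/// Overwrite a buffer with volatile stores so the optimizer cannot elide them.
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { std::ptr::write_volatile(b as *mut u8, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// A length mismatch returns at once (so length is not hidden); equal-length
/// inputs are always scanned to the end, accumulating differences with OR.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y;
    }
    black_box(diff) == 0 // black_box discourages rewriting the loop with an early exit
}

impl Secret {
    pub fn new(bytes: Vec<u8>) -> Self { Secret(bytes) }
    pub fn unsecure(&self) -> &[u8] { &self.0 }
    pub fn zero_out(&mut self) {
        wipe(&mut self.0);
        self.0.clear(); // length becomes 0, matching the Usage section above
    }
}
impl PartialEq for Secret {
    fn eq(&self, other: &Self) -> bool { ct_eq(&self.0, &other.0) }
}
impl fmt::Display for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("***SECRET***") }
}
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("***SECRET***") }
}
impl Drop for Secret {
    fn drop(&mut self) { self.zero_out(); } // wipe automatically when the value is dropped
}
```

This sketch wipes only the bytes within the vector's current length; copies left behind by earlier reallocations or by the caller's own borrowed string are outside its reach.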

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.