How to overwrite sensitive data in memory?


regarding security and denying an attacker to extract sensitive data (passwords, …) from memory, is there a way to destroy values in memory in elixir/erlang, and if so, how can it be done?


You can stop the virtual machine (BEAM) and do some sort of memory poisoning.

I don’t think there is anything specific to Erlang, really.

Not memory related, but a “break glass” procedure (like the one in HashiCorp’s Vault) to update all the passwords this machine had should also be done.

When you are sure that there are no references are lingering around, then you can use :erlang.garbage_collect/0 to enforce garbage collection in your current process. Sensible data might still be readable in memory until the old heap is overwritten.

It is not possible to overwrite sensible data with garbage as you could in C or Rust. At least not during runtime.

This problem is common to about all languages. Especially Strings are treated immutable in many languages, and therefore not obfuscatable afterwards, and if the languages are GC’d its even worse, since you often do not have any control about when its run or how many references still do persist…

If you really need to ensure that those kind of data needs to be destroyed, you can’t do anything but loading and handling those values solely in a NIF bound context, without ever leaving it.

Thanks for the replies. Long story short - this means that I’d have to implement something like a secure execution engine which generates all sensitive data/queries it from external services and performs all necessary operations on the sensitive data. Sounds like an interesting challenge :slight_smile: