Security

This section has security-relevant information regarding orion.

Memory:

orion has a best-effort approach to wiping sensitive memory. There are known obstacles for ensuring effective memory wiping using Rust (from zeroize):

However, be aware that Rust's current memory semantics (e.g. move) can leave copies of data in memory, and there isn't presently a good solution for ensuring all copies of data on the stack are properly cleared.

Due to such limitations, orion offers no guarantees that all sensitive memory is wiped. orion also makes no attempts to avoid sensitive memory being written to the system swap space.

Side-channel attacks:

orion only aims to protect against timing-based side-channel vulnerabilities.

No unsafe code:

orion itself forbids the use of so-called “unsafe” code, meaning that all memory-safety guarantees provided by Rust are enforced at compile-time. However, even though orion itself does not allow unsafe code, it is used in some of its dependencies.

Third-party security audit:

orion has not yet received any formal security audit.