Zeroization of sensitive data in Erlang

Amit K klg.amit@REDACTED
Sat Oct 26 22:38:11 CEST 2019

Hi all,

Concerning the security practice of zeroizing sensitive data from memory
after you're finished with it, such as cryptographic keys, passwords, etc.,
I wanted to ask if any of you ever had to implement such a thing in Erlang,
and if so, how? :)

Also note that often this is a requirement that you must fulfill if you
want your product to pass a security standard evaluation such as the
"Common Criteria" one (As an example requirement see FCS_CKM_EXT.4 here:

The problem of course is that in Erlang (and I suppose - FP in general)
once a variable gets assigned, you are not allowed to change its value, and
in particular of course overwrite it with zero bytes.

One option I thought about is doing it with a NIF, but from my
understanding a NIF isn't supposed to change its input values, it should
treat them as constants, which is understandable as well (basic FP language

Any feedback can be helpful :)
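
An added example, not part of the original post and not code from Erlang/OTP: a plain-C sketch of the pattern a NIF could use to respect the "inputs are constants" rule raised above, by copying the secret into memory the native code owns and wiping that copy before it is freed. The names `secret_t`, `secret_new`, `secret_wipe` and `secret_free` are hypothetical; in a real NIF the struct would live in a resource object and `secret_free` would play the role of its destructor. The caller's original Erlang term is not touched, so it is not zeroized by this.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for key material owned by native code, not by an Erlang term. */
typedef struct {
    size_t len;
    unsigned char *bytes;
} secret_t;

/* Write zeros through a volatile pointer so the compiler cannot
 * discard the stores as dead writes ahead of free(). */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Copy the read-only input (as a NIF argument would be) into our own buffer. */
secret_t *secret_new(const unsigned char *in, size_t len) {
    secret_t *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->bytes = malloc(len ? len : 1);
    if (!s->bytes) { free(s); return NULL; }
    memcpy(s->bytes, in, len);
    s->len = len;
    return s;
}

/* Wipe in place but keep the allocation; returns the number of
 * non-zero bytes still present (0 after a successful wipe). */
size_t secret_wipe(secret_t *s) {
    size_t i, nonzero = 0;
    secure_zero(s->bytes, s->len);
    for (i = 0; i < s->len; i++) nonzero += (s->bytes[i] != 0);
    return nonzero;
}

/* Destructor role: wipe the key and the bookkeeping struct
 * before handing the memory back to the allocator. */
void secret_free(secret_t *s) {
    if (!s) return;
    secure_zero(s->bytes, s->len);
    free(s->bytes);
    secure_zero(s, sizeof *s);
    free(s);
}
```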

