Skills / Engineering / Secret Zeroization Audit

Secret Zeroization Audit

Detect sensitive data left in memory and zeroization stripped by compiler optimizations. Uses assembly-level and control-flow analysis to verify keys, passwords, and secrets are actually wiped in C, C++, and Rust.

Calling memset to wipe a key isn't enough — compilers optimize it away. This skill audits code that handles secrets for missing zeroization and, crucially, checks the generated assembly and control flow to confirm the wipe survives optimization in C, C++, and Rust.

security cryptography memory-safety rust audit

When to use

Use when auditing C/C++/Rust code that handles secrets, keys, passwords, or other sensitive data, to confirm that zeroization is present and not removed by the compiler.

Examples

Audit secret wiping

Check that keys are zeroized

Audit this Rust crypto code to confirm all key material is zeroized and not optimized away

Verify at assembly level

Confirm the wipe survives -O2

Check whether this memset-based secret wipe in C survives compiler optimization
Added to wishlist