Document memory zeroization caveat

2025-09-08 23:38:49 +00:00 · 2025-08-20 20:29:58 -04:00
parent 7a039171a0
commit 857b1ef0f9
3 changed files with 15 additions and 1 deletions
--- a/docs/SPEC.md
+++ b/docs/SPEC.md
@@ -0,0 +1,6 @@
+# SeedPass Specification
+
+## Memory Protection
+
+SeedPass encrypts sensitive values in memory and attempts to wipe them when no longer needed. This zeroization is best-effort only; Python's memory management may retain copies of decrypted data. Critical cryptographic operations may move to a Rust/WASM module in the future to provide stronger guarantees.
+