Zeroisation

In cryptography, zeroisation (also spelled zeroization) is the practice of erasing sensitive parameters (electronically stored data, cryptographic keys, and critical security parameters) from a cryptographic module to prevent their disclosure if the equipment is captured.

This is generally accomplished by altering or deleting the contents to prevent recovery of the data.

[1] When encryption was performed by mechanical devices, this would often mean changing all the machine's settings to some fixed, meaningless value, such as zero.

Zeroisation would typically be performed at the end of an encryption session to prevent accidental disclosure of the keys, or immediately when there was a risk of capture by an adversary.

A cryptographic software developer must have an intimate understanding of memory management in a machine, and be prepared to zeroise data whenever a sensitive device might move outside the security boundary.

"Emergency Erase" (АВАРИЙНОЕ СТИРАНИЕ) switch, zeroize in NSA parlance, on a cryptographic device of the Soviet Strategic Rocket Forces