diff --git a/packages/crypto-sha256-js/src/jsSha256.ts b/packages/crypto-sha256-js/src/jsSha256.ts
index d613b84d4c7f..f711019df7fc 100644
--- a/packages/crypto-sha256-js/src/jsSha256.ts
+++ b/packages/crypto-sha256-js/src/jsSha256.ts
@@ -17,13 +17,16 @@ export class Sha256 implements Hash {
 
             for (let i = 0; i < BLOCK_SIZE; i++) {
                 inner[i] ^= 0x36;
+                outer[i] ^= 0x5c;
             }
+
             this.hash.update(inner);
+            this.outer.update(outer);
 
-            for (let i = 0; i < BLOCK_SIZE; i++) {
-                outer[i] ^= 0x5c;
+            // overwrite the copied key in memory
+            for (let i = 0; i < inner.byteLength; i++) {
+                inner[i] = 0;
             }
-            this.outer.update(outer);
         }
     }