diff --git a/Cargo.lock b/Cargo.lock
index 1602cfa8..a4ea8e81 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -16,6 +16,7 @@ dependencies = [
  "crypto-common",
  "generic-array",
  "hex-literal 0.3.4",
+ "zeroize 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
@@ -225,6 +226,12 @@ dependencies = [
  "zeroize_derive",
 ]
 
+[[package]]
+name = "zeroize"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"
+
 [[package]]
 name = "zeroize_derive"
 version = "1.4.2"
diff --git a/block-buffer/CHANGELOG.md b/block-buffer/CHANGELOG.md
index 14fa050b..c978381d 100644
--- a/block-buffer/CHANGELOG.md
+++ b/block-buffer/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - `ReadBuffer` type ([#823])
 - `serialize` and `deserialize` methods ([#823])
+- Optional implementation of the `Zeroize` trait ([#963])
 
 ### Changed
 - Supported block sizes are now bounded by the `crypto_common::BlockSizes` trait,
@@ -20,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `EagerBuffer::set_data` method. Use the `ReadBuffer` type instead. ([#823])
 
 [#823]: https://github.com/RustCrypto/utils/pull/823
+[#963]: https://github.com/RustCrypto/utils/pull/963
 
 ## 0.10.3 (2022-09-04)
 ### Added
diff --git a/block-buffer/Cargo.toml b/block-buffer/Cargo.toml
index 7b121f95..c175ef2f 100644
--- a/block-buffer/Cargo.toml
+++ b/block-buffer/Cargo.toml
@@ -14,6 +14,7 @@ readme = "README.md"
 [dependencies]
 crypto-common = "0.2.0-pre"
 generic-array = "0.14"
+zeroize = { version = "1.4", optional = true, default-features = false }
 
 [dev-dependencies]
 hex-literal = "0.3.3"
diff --git a/block-buffer/src/lib.rs b/block-buffer/src/lib.rs
index 61438e71..4d73c44d 100644
--- a/block-buffer/src/lib.rs
+++ b/block-buffer/src/lib.rs
@@ -15,6 +15,8 @@ use generic_array::{
     typenum::{Add1, B1},
     ArrayLength, GenericArray,
 };
+#[cfg(feature = "zeroize")]
+use zeroize::Zeroize;
 
 mod read;
 mod sealed;
@@ -333,3 +335,12 @@ impl<BS: BlockSizes> BlockBuffer<BS, Lazy> {
         })
     }
 }
+
+#[cfg(feature = "zeroize")]
+impl<BS: BlockSizes, K: BufferKind> Zeroize for BlockBuffer<BS, K> {
+    #[inline]
+    fn zeroize(&mut self) {
+        self.buffer.zeroize();
+        self.pos.zeroize();
+    }
+}
diff --git a/block-buffer/src/read.rs b/block-buffer/src/read.rs
index fa9237a1..1fb5ac66 100644
--- a/block-buffer/src/read.rs
+++ b/block-buffer/src/read.rs
@@ -1,6 +1,8 @@
 use super::{Block, Error};
 use core::{fmt, slice};
 use crypto_common::{BlockSizeUser, BlockSizes};
+#[cfg(feature = "zeroize")]
+use zeroize::Zeroize;
 
 /// Buffer for reading block-generated data.
 pub struct ReadBuffer<BS: BlockSizes> {
@@ -146,3 +148,11 @@ impl<BS: BlockSizes> ReadBuffer<BS> {
         (blocks, right)
     }
 }
+
+#[cfg(feature = "zeroize")]
+impl<BS: BlockSizes> Zeroize for ReadBuffer<BS> {
+    #[inline]
+    fn zeroize(&mut self) {
+        self.buffer.zeroize();
+    }
+}
diff --git a/block-buffer/src/sealed.rs b/block-buffer/src/sealed.rs
index cc7b3ef6..90b408ae 100644
--- a/block-buffer/src/sealed.rs
+++ b/block-buffer/src/sealed.rs
@@ -3,7 +3,10 @@ use generic_array::{ArrayLength, GenericArray};
 
 /// Sealed trait for buffer kinds.
 pub trait Sealed {
+    #[cfg(not(feature = "zeroize"))]
     type Pos: Default + Clone;
+    #[cfg(feature = "zeroize")]
+    type Pos: Default + Clone + zeroize::Zeroize;
 
     fn get_pos(buf: &[u8], pos: &Self::Pos) -> usize;