Erasing passwords from ram?
Nick Sabalausky
a at a.a
Thu May 9 19:10:04 UTC 2019
On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
> I am currently programming a server. So I got the idea that
> after I've generated all the hashes I need from a password, I
> want to erase it from RAM before discarding it, just to be sure
> it won't float around if the server memory is exposed to
> spyware by some buffer overflow. Is this wise caution, or just
> being too paranoid?
I've seen this done, and regardless of likelihoods, it doesn't
hurt as a precaution.
The memutils lib offers a tool for this, 'SecureMem':
http://code.dlang.org/packages/memutils
In addition to memory-zeroing, it can also prevent it from
getting "dumped to disk on a crash or during OS
sleep/hibernation."
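
An added example, not part of the original post and not memutils code: a C sketch of the two precautions discussed above on a POSIX system, zeroing that the compiler cannot optimise away and pages kept out of swap and (on Linux) core dumps. The names secret_buf, secure_zero, secret_alloc, secret_free and wipe_demo are hypothetical, and the password is a constructed sample.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct { unsigned char *ptr; size_t len; int locked; } secret_buf;

/* Zero through a volatile pointer so the compiler cannot discard the
   stores as dead writes just before the buffer is released. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Whole pages, so locking and dump exclusion cover only this secret. */
static int secret_alloc(secret_buf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + page - 1) / page * page;
    b->ptr = aligned_alloc(page, b->len);
    if (!b->ptr) return -1;
    /* Keeps the pages out of swap; can fail under RLIMIT_MEMLOCK. */
    b->locked = (mlock(b->ptr, b->len) == 0);
#ifdef MADV_DONTDUMP
    madvise(b->ptr, b->len, MADV_DONTDUMP);   /* Linux: omit from core dumps */
#endif
    return 0;
}

static void secret_free(secret_buf *b) {
    secure_zero(b->ptr, b->len);              /* wipe before anything else */
    if (b->locked) munlock(b->ptr, b->len);
#ifdef MADV_DODUMP
    madvise(b->ptr, b->len, MADV_DODUMP);     /* restore default for the heap */
#endif
    free(b->ptr);
    b->ptr = NULL; b->len = 0;
}

/* Constructed demo: returns the nonzero bytes left after the wipe. */
static size_t wipe_demo(void) {
    static const char pw[] = "correct horse battery staple"; /* constructed */
    secret_buf b;
    size_t left = 0;
    if (secret_alloc(&b, sizeof pw) != 0) return (size_t)-1;
    memcpy(b.ptr, pw, sizeof pw);             /* hashing would happen here */
    secure_zero(b.ptr, b.len);
    for (size_t i = 0; i < b.len; i++) left += (b.ptr[i] != 0);
    secret_free(&b);
    return left;
}
```

The wipe only covers this one buffer: copies made earlier (a network read buffer, a garbage-collected string, a reallocated array) need the same treatment.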