Erasing passwords from ram?
Dukc
ajieskola at gmail.com
Fri May 10 09:06:56 UTC 2019
On Thursday, 9 May 2019 at 19:10:04 UTC, Nick Sabalausky wrote:
> On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
>> I am currently programming a server. So I got the idea that
>> after I've generated all the hashes I need from a password, I
>> want to erase it from RAM before discarding it, just to be
>> sure it won't float around if the server memory is exposed to
>> spyware by some buffer overflow. Is this wise caution, or just
>> being too paranoid?
>
> I've seen this done, and regardless of likelihoods, it doesn't
> hurt as a precaution.
>
> The memutils lib offers a tool for this, 'SecureMem':
> http://code.dlang.org/packages/memutils
Good link!
The passwords in this case probably aren't worth it (see Cym's
replies for why), but I'll remember that library if I have to deal
with something more sensitive, or just decide to put some extra
effort into the security considerations.