On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
> I am currently programming a server. So I got the idea that
> after I've generated all the hashes I need from a password, I
> want to erase it from RAM before discarding it, just to be sure
> it won't float around if the server memory is exposed to
> spyware by some buffer overflow. Is this wise caution, or just
> being too paranoid?

I've seen this done, and regardless of likelihoods, it doesn't
hurt as a precaution.
The memutils lib offers a tool for this, 'SecureMem':
http://code.dlang.org/packages/memutils
In addition to memory-zeroing, it can also prevent it from
getting "dumped to disk on a crash or during OS
sleep/hibernation."
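
An added example, not part of the original post and not memutils' own code or API: a minimal D sketch of the two measures mentioned above, zeroing the password buffer after hashing and keeping it out of swap while it is live. It assumes a POSIX system for `mlock`; `wipe` and `hashPassword` are hypothetical names, and SHA-256 stands in for whatever hashes the server actually derives.

```d
import core.volatile : volatileStore;
import core.sys.posix.sys.mman : mlock, munlock; // assumption: POSIX target
import std.digest.sha : sha256Of;

/// Zero a buffer with volatile stores, so the optimizer cannot drop the
/// writes as dead stores just because the buffer is never read again.
void wipe(ubyte[] buf)
{
    foreach (ref b; buf)
        volatileStore(&b, ubyte(0));
}

/// Hypothetical helper: hash the password, then erase the caller's buffer.
/// The password must live in a mutable char[] that is never appended to or
/// converted to `string`; either would leave copies this function cannot reach.
ubyte[32] hashPassword(char[] password)
{
    auto raw = cast(ubyte[]) password;

    // Best effort: pin the pages so the plaintext is not written to swap.
    // mlock can fail (e.g. RLIMIT_MEMLOCK); the wipe still runs either way.
    const locked = raw.length && mlock(raw.ptr, raw.length) == 0;

    scope (exit)
    {
        wipe(raw); // runs on normal return and when an exception is thrown
        if (locked)
            munlock(raw.ptr, raw.length);
    }

    // Placeholder digest; the return value is computed before scope(exit) runs.
    return sha256Of(raw);
}

void main()
{
    import std.algorithm : all;

    char[] pw = "correct horse battery".dup; // constructed sample input
    auto digest = hashPassword(pw);

    assert(digest.length == 32);
    assert((cast(ubyte[]) pw).all!(b => b == 0)); // plaintext is gone
}
```

This only clears the one buffer it is handed: copies made earlier (network read buffers, parsed request bodies, temporaries inside the hash implementation) need the same treatment at the point where they are created.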