On Thursday, 9 May 2019 at 19:10:04 UTC, Nick Sabalausky wrote:
> On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
>> I am currently programming a server. So I got the idea that
>> after I've generated all the hashes I need from a password, I
>> want to erase it from RAM before discarding it, just to be
>> sure it won't float around if the server memory is exposed to
>> spyware by some buffer overflow. Is this wise caution, or just
>> being too paranoid?
>
> I've seen this done, and regardless of likelihoods, it doesn't
> hurt as a precaution.
>
> The memutils lib offers a tool for this, 'SecureMem':
> http://code.dlang.org/packages/memutils

Good link!
The passwords in this case probably aren't worth it (see Cym's
replies for why), but I'll remember that library if I have to deal
with something more sensitive, or just decide to put some extra
effort into the security considerations.
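
The wipe-after-hashing idea discussed in this thread, as an added example that is not part of any poster's message and is not memutils code: it keeps the password in a mutable stack buffer and zeroes it with volatile stores once the hash is derived. The names `wipe`, `deriveHash` and `hashAndForget` are hypothetical, the sample password is constructed, and SHA-256 only stands in for whatever password hashing the server really uses.

```d
import core.volatile : volatileStore; // assumption: a druntime recent enough to ship core.volatile
import std.algorithm.searching : all;
import std.digest.sha : sha256Of;

/// Zero `buf` with volatile stores, so the optimizer cannot discard the
/// writes as dead stores the way it may for a plain `buf[] = 0`.
void wipe(ubyte[] buf)
{
    foreach (i; 0 .. buf.length)
        volatileStore(buf.ptr + i, cast(ubyte) 0);
}

/// Hypothetical stand-in for the server's real password hashing.
/// A real server would call a slow, salted KDF here, not a bare SHA-256.
ubyte[32] deriveHash(const(ubyte)[] password)
{
    return sha256Of(password);
}

/// Derive the hash, then wipe the caller's buffer on every exit path
/// (normal return or exception) before control leaves this function.
ubyte[32] hashAndForget(ubyte[] secret)
{
    scope (exit) wipe(secret);
    return deriveHash(secret);
}

void main()
{
    // Constructed sample input. The secret is held in a fixed-size mutable
    // ubyte buffer rather than an immutable, GC-managed `string`, because
    // only memory we own and can write to can be wiped.
    immutable sample = "hunter2-example";
    ubyte[32] pw = 0;
    pw[0 .. sample.length] = cast(const(ubyte)[]) sample;

    // Expected value computed from the literal, for comparison only.
    const expected = deriveHash(cast(const(ubyte)[]) sample);
    const got = hashAndForget(pw[0 .. sample.length]);

    assert(got == expected);         // hashing used the real bytes
    assert(pw[].all!(b => b == 0));  // and the buffer is zero afterwards
}
```

This clears only the buffer it is handed; any other copy of the password, such as a `string` created while parsing the request, is untouched.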