Hi,

On Wed, Aug 14, 2024 at 08:52:54AM +0200, Gert Doering wrote:
> On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote:
> > Nonetheless, on Windows, we could easily add CryptProtectMemory() with
> > SAME_PROCESS access for good measure, especially for those who cannot use
> > "--auth-nocache". That will also add some protection to proxy passwords
> > which are always cached for some reason.
> 
> Would you be willing to send something?

Looking a bit closer, this is less straightforward than I thought
(I was expecting something "protect this memory from prying eyes",
but it's "crypt/decrypt this chunk of memory", which would need to
be woven into whenever we want to access or update the user/password
structures, including auth tokens)...

Still doable, and possibly worth trying.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to