Re: Erasing passwords from ram?

2019-05-10 Thread Dukc via Digitalmars-d-learn
On Thursday, 9 May 2019 at 19:10:04 UTC, Nick Sabalausky wrote: On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote: I am currently programming a server. So I got the idea that after I've generated all the hashes I need from a password, I want to erase it from RAM before discarding it, just

Re: Erasing passwords from ram?

2019-05-09 Thread Nick Sabalausky via Digitalmars-d-learn
On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote: I am currently programming a server. So I got the idea that after I've generated all the hashes I need from a password, I want to erase it from RAM before discarding it, just to be sure it won't float around if the server memory is exposed

Re: Erasing passwords from ram?

2019-05-07 Thread Dukc via Digitalmars-d-learn
On Monday, 6 May 2019 at 17:57:55 UTC, Cym13 wrote: So what I'm trying to say is that, given your threat model, it does not seem relevant to protect against memory disclosure specifically: you want to protect against the larger and more common threat of memory corruptions and that happens to

Re: Erasing passwords from ram?

2019-05-06 Thread Cym13 via Digitalmars-d-learn
On Monday, 6 May 2019 at 09:34:22 UTC, Dukc wrote: Oops, I forgot to check back this theard. But yes, just the info I was looking for. On Wednesday, 1 May 2019 at 22:14:52 UTC, Cym13 wrote: There are very few relevant threat models where removing a password from RAM is an adequate solution.

Re: Erasing passwords from ram?

2019-05-06 Thread Dukc via Digitalmars-d-learn
Oops, I forgot to check back this theard. But yes, just the info I was looking for. On Wednesday, 1 May 2019 at 22:14:52 UTC, Cym13 wrote: There are very few relevant threat models where removing a password from RAM is an adequate solution. Not an adequate solution... What else is usually

Re: Erasing passwords from ram?

2019-05-01 Thread Cym13 via Digitalmars-d-learn
On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote: I am currently programming a server. So I got the idea that after I've generated all the hashes I need from a password, I want to erase it from RAM before discarding it, just to be sure it won't float around if the server memory is exposed

Re: Erasing passwords from ram?

2019-04-30 Thread Dukc via Digitalmars-d-learn
On Tuesday, 30 April 2019 at 08:31:40 UTC, Kagamin wrote: You better obfuscate the password on client side. No, this particular password does not come from clients. Rather, it's given by server maintainer and used to generate passcodes that are then distributed to clients.

Re: Erasing passwords from ram?

2019-04-30 Thread Kagamin via Digitalmars-d-learn
You better obfuscate the password on client side.

Erasing passwords from ram?

2019-04-30 Thread Dukc via Digitalmars-d-learn
I am currently programming a server. So I got the idea that after I've generated all the hashes I need from a password, I want to erase it from RAM before discarding it, just to be sure it won't float around if the server memory is exposed to spyware by some buffer overflow. Is this wise