On Thursday, 9 May 2019 at 19:10:04 UTC, Nick Sabalausky wrote:
On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
I am currently programming a server. So I got the idea that
after I've generated all the hashes I need from a password, I
want to erase it from RAM before discarding it, just
On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
I am currently programming a server. So I got the idea that
after I've generated all the hashes I need from a password, I
want to erase it from RAM before discarding it, just to be sure
it won't float around if the server memory is exposed
On Monday, 6 May 2019 at 17:57:55 UTC, Cym13 wrote:
So what I'm trying to say is that, given your threat model, it
does not seem relevant to protect against memory disclosure
specifically: you want to protect against the larger and more
common threat of memory corruptions and that happens to
On Monday, 6 May 2019 at 09:34:22 UTC, Dukc wrote:
Oops, I forgot to check back this theard. But yes, just the
info I was looking for.
On Wednesday, 1 May 2019 at 22:14:52 UTC, Cym13 wrote:
There are very few relevant threat models where removing a
password from RAM is an adequate solution.
Oops, I forgot to check back this theard. But yes, just the info
I was looking for.
On Wednesday, 1 May 2019 at 22:14:52 UTC, Cym13 wrote:
There are very few relevant threat models where removing a
password from RAM is an adequate solution.
Not an adequate solution... What else is usually
On Tuesday, 30 April 2019 at 08:15:15 UTC, Dukc wrote:
I am currently programming a server. So I got the idea that
after I've generated all the hashes I need from a password, I
want to erase it from RAM before discarding it, just to be sure
it won't float around if the server memory is exposed
On Tuesday, 30 April 2019 at 08:31:40 UTC, Kagamin wrote:
You better obfuscate the password on client side.
No, this particular password does not come from clients. Rather,
it's given by server maintainer and used to generate passcodes
that are then distributed to clients.
You better obfuscate the password on client side.
I am currently programming a server. So I got the idea that after
I've generated all the hashes I need from a password, I want to
erase it from RAM before discarding it, just to be sure it won't
float around if the server memory is exposed to spyware by some
buffer overflow. Is this wise