Re: static gchar security



How (in)secure would it be to have a static gchar that would save a
plaintext password?  The gchar would start off null, but could later
contain a password, and is static for the life of the app.  Is there a
better way to do this?

Fairly.  The main danger is your application's memory being paged out to
insecure swap, making a long term version of the password on (swap)
disk.  This may stay around forever.  Although this may not be a large
exposure for your application, since most people have a habit of reusing
passwords, it increases users' exposure to password snooping.

I would advise you use the UNIX method and hash (crypt, md5, sha-1 etc)
the password, and when presented with new passwords immediately hash them,
and compare the hashes.  This will reduce the amount of time plain text
passwords are kept in memory (i.e. only while being hashed).  In short,
never keep plain text versions of passwords around.  Also note you only
need a one-way hash, you don't need to be able to recover the original
password.

Additionally look at mlock(2) to (hopefully) further reduce the risk of 
the pages with unencrypted passwords being paged out.

        Regards,
        nash

-- 
Brett Nash <nash nash nu>
Sometimes it's better to light a flamethrower than curse the darkness.
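
The advice in the reply above (hash at once, compare hashes, keep the plaintext only in an mlock(2)ed page), sketched as an added example that is not part of the original message or of any project's code. The names `hash_password_fd`, `password_matches_fd`, `digest_fn` and `DIGEST_LEN` are hypothetical, and `placeholder_digest` is a constructed, non-cryptographic stand-in for the real one-way hash (crypt(3) or similar) so the block runs offline.

```c
#define _DEFAULT_SOURCE 1
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define DIGEST_LEN 8
/* Assumption: the caller supplies the real one-way hash (crypt(3), SHA, ...). */
typedef void (*digest_fn)(const char *pw, size_t len, unsigned char out[DIGEST_LEN]);

/* Constructed stand-in so the example runs offline: FNV-1a, NOT a password hash. */
void placeholder_digest(const char *pw, size_t len, unsigned char out[DIGEST_LEN]) {
    unsigned long long h = 14695981039346656037ULL;
    for (size_t i = 0; i < len; i++) { h ^= (unsigned char)pw[i]; h *= 1099511628211ULL; }
    memcpy(out, &h, DIGEST_LEN);
}

/* Zero memory through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read a password from fd straight into an mlock()ed page, hash it, wipe the page.
 * Returns 0 on success, -1 on error; *locked reports whether mlock() succeeded. */
int hash_password_fd(int fd, digest_fn digest, unsigned char out[DIGEST_LEN], int *locked) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    *locked = (mlock(page, pagesz) == 0);     /* best effort: may hit RLIMIT_MEMLOCK */
    ssize_t n = read(fd, page, pagesz - 1);
    if (n > 0 && page[n - 1] == '\n') n--;    /* drop the trailing newline */
    if (n > 0) digest(page, (size_t)n, out);  /* plaintext is needed only up to here */
    wipe(page, pagesz);
    munmap(page, pagesz);                     /* unmapping also releases the lock */
    return n > 0 ? 0 : -1;
}

/* Check a freshly entered password against the stored hash, never a stored plaintext. */
int password_matches_fd(int fd, digest_fn digest, const unsigned char stored[DIGEST_LEN]) {
    unsigned char h[DIGEST_LEN], diff = 0;
    int locked;
    if (hash_password_fd(fd, digest, h, &locked) != 0) return 0;
    for (int i = 0; i < DIGEST_LEN; i++) diff |= h[i] ^ stored[i];  /* no early exit */
    return diff == 0;
}
```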


