On 22/08/2012 14:12, Tom Hacohen wrote:
> On 22/08/12 15:04, Carsten Haitzler (The Rasterman) wrote:
>> On Wed, 22 Aug 2012 14:54:30 +0300 Tom Hacohen <tom.haco...@samsung.com> said:
>>
>>> On 22/08/12 14:51, Carsten Haitzler (The Rasterman) wrote:
>>>> On Wed, 22 Aug 2012 14:46:50 +0300 Tom Hacohen <tom.haco...@samsung.com> said:
>>>>
>>>>> To be honest, I don't know how secure we can get there because of entry.
>>>>> We only free (without explicitly erasing) the buffers used internally by
>>>>> entry (elm+edje) and textblock, so there might be cleartext copies of
>>>>> the pass in memory anyway...
>>>> it doesn't use elm or edje entry or e entry.. its literally done by hand
>>>> listening to keystrokes (which frankly if u can force coredumps u can
>>>> divine the passwd thru keystroke memory history if u are lucky). :)
>>> So not entry, but it uses text/textblock to show the text, doesn't it?
>>> If so, the same logic applies.
>> it only shows *****
>>
>> so i guess u could find out how many chars the pw has.. that's it. evas only
>> ever sees *** (and edje too).
>>
>>
> Ah, you are right. I remembered it had issues with handling Hebrew
> passwords (it showed as many * as the bytes instead of the chars), but
> it's because the count was wrong, not a malfunction in edje/textblock.
> Now I remember. :)
>
> Ok, cool.
>
> --
> Tom.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
>

https://www.securecoding.cert.org/confluence/display/seccode/MSC06-C.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data

Mmhhh...
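
The concern raised in this thread (password buffers that are freed without being erased, and the compiler-optimization caveat in the linked CERT MSC06-C rule), shown as an added example that is not code from the thread or from EFL. The names `secure_wipe`, `pw_buf`, `pw_append` and `pw_free` are hypothetical, and the password string is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Zero n bytes through a volatile pointer: each store is an observable side
 * effect, so the optimizer cannot discard the wipe as a dead write, which it
 * may do to a plain memset() placed right before free() (CERT MSC06-C). */
static void secure_wipe(void *buf, size_t n)
{
    volatile unsigned char *p = buf;
    while (n--) *p++ = 0;
}

/* Hypothetical password buffer, not an EFL type. Start it as {0}. */
typedef struct { char *data; size_t cap, len; } pw_buf;

/* Grow with calloc + copy + wipe rather than realloc(), which may move the
 * block and leave the old cleartext behind in freed heap memory. */
static int pw_append(pw_buf *pw, const char *src, size_t n)
{
    if (n == 0) return 0;
    if (n > pw->cap - pw->len) {
        size_t ncap = (pw->len + n) * 2;
        char *nd = calloc(ncap, 1);
        if (!nd) return -1;
        if (pw->len) memcpy(nd, pw->data, pw->len);
        secure_wipe(pw->data, pw->cap);   /* erase old copy before freeing */
        free(pw->data);
        pw->data = nd; pw->cap = ncap;
    }
    memcpy(pw->data + pw->len, src, n);
    pw->len += n;
    return 0;
}

/* Erase every byte of the allocation, then release it. */
static void pw_free(pw_buf *pw)
{
    if (pw->data) secure_wipe(pw->data, pw->cap);
    free(pw->data);
    pw->data = NULL; pw->cap = pw->len = 0;
}

int main(void)
{
    pw_buf pw = {0};
    int rc = pw_append(&pw, "constructed-pw", 14);  /* constructed sample */
    pw_free(&pw);
    return rc;
}
```

Where the platform provides `explicit_bzero()` or `memset_s()`, those can replace the hand-written loop. None of this covers copies made elsewhere, such as the keystroke history mentioned earlier in the thread.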

