Johannes Nohl a écrit :
Dear list,
I was thinking of writing a daemon in freepascal. When the program is
started it will ask for a password. Then keep the pass in a string
variable, using it every 10 minutes.
It's not for an high security environment but I'm interested in
general. How to protect those information in memory?
Under Linux or BSD, only the owner can access the memory of his program.
So if launched by root, only readable by root.
If possible, store a hash and not a clear password, just to be paranoid
as we should :o)
Ex :
var
salt : string;
pwd : string;
begin
salt := 'Something random or my software name, just used to avoid
dictionary attacks';
pwd := md5('My Secret Password' + salt);
end;
So only a hash is stored in pwd, and it's unique.
But always remember that local access to a computer = quit easy to hack
anything, unless you use strong cryptography.
--
Marc
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
