
digitalmars.D - Secure memory support

Piotr Szturmaj <bncrbme jadamspam.pl> writes:
We need a solution to store confidential data like encryption keys or 
passwords securely.

For example, .NET has SecureString 
(http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx).

At a bare minimum, a program must be able to mark memory regions as 
non-pageable, so private data will not be paged to disk.

On Windows there is VirtualLock/VirtualUnlock 
(http://msdn.microsoft.com/en-us/library/windows/desktop/aa366895%28v=vs.85%29.aspx). 
On *nixes there is mlock/munlock (http://linux.die.net/man/2/mlock).

Also, regions marked as secure must be zeroed after deallocation.

Should we make something like a secure allocator in Phobos?
Jan 27 2012
Alex Rønne Petersen <xtzgzorex gmail.com> writes:
On 27-01-2012 15:55, Piotr Szturmaj wrote:
 We need a solution to store confidential data like encryption keys or
 passwords securely.

 For example, .NET has SecureString
 (http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx).


 At a bare minimum, a program must be able to mark memory regions as
 non-pageable, so private data will not be paged to disk.

 On Windows there is VirtualLock/VirtualUnlock
 (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366895%28v=vs.85%29.aspx).
 On *nixes there is mlock/munlock (http://linux.die.net/man/2/mlock).

 Also, regions marked as secure must be zeroed after deallocation.

 Should we make something like a secure allocator in Phobos?

This can probably be included in Andrei's allocator design. - Alex
Jan 27 2012
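
The two requirements from the first post (non-pageable memory and zeroing on deallocation), as an added example that is not code from this thread or from Phobos. It is written in C because mlock/munlock are C APIs that a D allocator would wrap. It covers the POSIX side only, and the names secure_buf, secure_alloc, secure_wipe and secure_free are hypothetical.

```c
/* Added example, not code from the thread or from Phobos; names are hypothetical. */
#define _DEFAULT_SOURCE /* glibc: exposes MAP_ANONYMOUS */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    void *ptr; size_t len; /* page-aligned region and its page-rounded length */
    int locked;            /* 1 if mlock() succeeded; it can fail under RLIMIT_MEMLOCK */
} secure_buf;

static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p; /* volatile: stores are not dropped as dead writes */
    while (n--) *v++ = 0;
}

static secure_buf secure_alloc(size_t n)
{
    secure_buf b = { NULL, 0, 0 };
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || n == 0 || n > (size_t)-1 - (size_t)page) return b;
    size_t len = (n + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); /* own pages, not shared heap */
    if (p == MAP_FAILED) return b;
    b.ptr = p; b.len = len;
    b.locked = (mlock(p, len) == 0); /* caller decides if an unlocked buffer is acceptable */
    return b;
}

static int secure_free(secure_buf *b)
{
    if (!b || !b->ptr) return -1;
    secure_wipe(b->ptr, b->len);            /* zero before the pages return to the OS */
    if (b->locked) munlock(b->ptr, b->len);
    int rc = munmap(b->ptr, b->len);
    b->ptr = NULL; b->len = 0; b->locked = 0;
    return rc;
}

int main(void)
{
    secure_buf key = secure_alloc(32);
    if (!key.ptr) return 1;
    memcpy(key.ptr, "constructed-sample-key-material", 32); /* constructed value */
    printf("locked=%d len=%zu\n", key.locked, key.len);
    return secure_free(&key) == 0 ? 0 : 1;
}
```

The region is mapped in whole pages because mlock and munlock operate on pages; locking a chunk carved out of the general heap would also lock, and later unlock, whatever else shares those pages.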