January 27, 2012
We need a solution to store confidential data like encryption keys or passwords securely.

For example, .NET has SecureString (http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx).

At a bare minimum, a program must be able to mark memory regions as non-pageable, so private data will not be paged to disk.

On Windows there is VirtualLock/VirtualUnlock (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366895%28v=vs.85%29.aspx). On *nixes there is mlock/munlock (http://linux.die.net/man/2/mlock).

Also, regions marked as secure must be zeroed after deallocation.

Should we make something like a secure allocator in Phobos?
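
The minimum described in the post above (pin the region so it is not paged to disk, zero it before release), as an added example in C that is not part of the original thread and is not Phobos code. It is POSIX only, and `secure_buf`, `secure_alloc`, `secure_wipe` and `secure_free` are hypothetical names.

```c
#define _DEFAULT_SOURCE
/* Added example: POSIX only (mmap/mlock/munlock). All names are hypothetical. */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>
typedef struct {
    void  *ptr;     /* page-aligned region, NULL if allocation failed */
    size_t len;     /* mapped length, rounded up to whole pages */
    int    locked;  /* 1 if mlock succeeded, 0 if the region may be paged */
} secure_buf;

/* Zero through a volatile pointer so the compiler cannot drop the
   stores as dead writes just before the memory is released. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *b = p;
    while (n--) *b++ = 0;
}

/* Map whole pages and try to pin them. mlock can fail when RLIMIT_MEMLOCK
   is exceeded; with require_lock set, the allocation fails closed. */
secure_buf secure_alloc(size_t size, int require_lock) {
    secure_buf b = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || size > (size_t)-1 - page) return b;
    size_t len = (size + page - 1) / page * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return b;
    int locked = (mlock(p, len) == 0);
    if (!locked && require_lock) { munmap(p, len); return b; }
    b.ptr = p; b.len = len; b.locked = locked;
    return b;
}

/* Wipe first, then unlock and unmap, so no secret bytes outlive the buffer. */
void secure_free(secure_buf *b) {
    if (!b || !b->ptr) return;
    secure_wipe(b->ptr, b->len);
    if (b->locked) munlock(b->ptr, b->len);
    munmap(b->ptr, b->len);
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

int main(void) {
    secure_buf key = secure_alloc(32, 1);   /* fail closed if unpinnable */
    if (!key.ptr) return 1;
    secure_free(&key);
    return 0;
}
```

mlock does not keep the pages out of core dumps or a suspend-to-disk image, so those need separate handling.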
January 27, 2012
On 27-01-2012 15:55, Piotr Szturmaj wrote:
> We need a solution to store confidential data like encryption keys or
> passwords securely.
>
> For example, .NET has SecureString
> (http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx).
>
> At a bare minimum, a program must be able to mark memory regions as
> non-pageable, so private data will not be paged to disk.
>
> On Windows there is VirtualLock/VirtualUnlock
> (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366895%28v=vs.85%29.aspx).
> On *nixes there is mlock/munlock (http://linux.die.net/man/2/mlock).
>
> Also, regions marked as secure must be zeroed after deallocation.
>
> Should we make something like a secure allocator in Phobos?

This can probably be included in Andrei's allocator design.

- Alex