All Blogs

Life (56)
Technology (131)
- Coding Corner (64)
  - Docbook (7)
  - Summer of Code 06 (0)
- Desktop (93)
- Ivman (3)
- Linux (90)
- Networks (14)

RealNitro's Blog

Coding (9)
Fun (2)
Gaming (4)
- CUBE (3)
- Max Payne (0)
- RTCW:ET (2)
Life (11)
Linux (7)
Webdesign (4)

Peter's Blog

Free Software (9)
- Jabber (4)
- Linux (9)
  - My Gentoo (19)
  - Ubuntu@AMD64 (4)
- Workgroup Free Software (4)
Internet & Blogs (12)
Life & Fun (47)
Politics (16)
- EU Software Patents (8)
- N-VA (4)
Studies (23)
- Siemens (13)
UGent & Stuver (18)
VTK (10)

Last comments

- louboutin on Crosswords
- rhinestone motif on OOo2 on 770
- richard on OpenOffice rant
- Tom on GOB signals walkthrough
- Tom on GOB signals walkthrough

March 2006
Sun	Mon	Tue	Wed	Thu	Fri	Sat
<< <	Current	> >>
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25

Archives for: March 2006

03/04/06

Getting rid of a password string

@Philip:
During your talk at FOSDEM you showed some of the Tinymail code, eg the Account Store implementation on top of GConf.
Something in there took my attention: in per_account_forget_pass_func you memset the password to 0's, and free it. The day before I was working on a new IMAP server installation based on Dovecot, and while browsing the website I came across the Secure Coding techniques used by the author.
One of the parts I remembered:

When dealing with passwords and such, erase them from memory after you
don't need it anymore. Note that such memset() may be optimized away by
compiler, use safe_memset().

Where safe_memset is basicly a braindead simple re-implementation of memset. Might be interesting ;-)
It's useful to read the whole text anyway for everyone dealing with C code that needs a certain level of secure string handling.

Oh well, back to Dia.

. Ikke . 01:00:39 pm . 199 Words . Technology, Coding Corner . . 1148 views . 3 comments

All Blogs

Ikke's Blog

Fedora Stateless @ UGent

RealNitro's Blog

Peter's Blog

Who's Online?

Archives for: March 2006

03/04/06