digitalmars.D - Secure memory support
- Piotr Szturmaj (11/11) Jan 27 2012 We need a solution to store confidential data like encryption keys or
- Alex Rønne Petersen (3/14) Jan 27 2012 This can probably be included in Andrei's allocator design.
We need a solution to store confidential data like encryption keys or passwords securely. For example, .NET has SecureString (http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx). At a bare minimum, a program must be able to mark memory regions as non-pageable, so private data will not be paged to disk. On Windows there is VirtualLock/VirtualUnlock (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366895%28v=vs.85%29.aspx). On *nixes there is mlock/munlock (http://linux.die.net/man/2/mlock). Also, regions marked as secure must be zeroed after deallocation. Should we make something like a secure allocator in Phobos?
Jan 27 2012
On 27-01-2012 15:55, Piotr Szturmaj wrote:
> We need a solution to store confidential data like encryption keys or passwords securely. For example, .NET has SecureString (http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx). At a bare minimum, a program must be able to mark memory regions as non-pageable, so private data will not be paged to disk. On Windows there is VirtualLock/VirtualUnlock (http://msdn.microsoft.com/en-us/library/windows/desktop/aa366895%28v=vs.85%29.aspx). On *nixes there is mlock/munlock (http://linux.die.net/man/2/mlock). Also, regions marked as secure must be zeroed after deallocation. Should we make something like a secure allocator in Phobos?

This can probably be included in Andrei's allocator design.

- Alex
Jan 27 2012