Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep passwords out of unprotected swap memory #18

Open
Vlix opened this issue May 11, 2020 · 0 comments
Open

Keep passwords out of unprotected swap memory #18

Vlix opened this issue May 11, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@Vlix
Copy link
Collaborator

Vlix commented May 11, 2020
edited
Loading

A friend of mine pointed to this security issue, though it's not very likely to happen.
Having passwords leak into swap memory is a potential security risk, as swap memory is open to more attack vectors than RAM is.
The following module has a way of keeping certain parts in RAM via C functions and malloc, ForeignPtrs, etc.
EDIT: after mlock is also implemented, that's something they're still working on, apparently

This will need a lot of testing to make sure nothing crashes etc. But is a nice to have at some point.

EDIT: We're probably not gonna be able to keep everything out of swap memory anyway, since we need Haskell ByteStrings to use the cryptonite functions (or if passwords come in through JSON, it's already potentially in there). So this might just keep it out of swap memory a.m.a.p.
Definitely needs an effort vs. gain analysis.
@Vlix Vlix added the enhancement New feature or request label May 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Vlix