RE: Credentials held unencrypted in memory during runtime

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Tue, 12 Apr 2011 15:29:40 -0400

> On Apr 12, 2011, at 2:05 PM, Ron Wilson wrote:
> > When the background process starts, a new session key should be
> > generated, then each new entry in the cache should use a salt or
> an
> > initialization vector. The salt or initialization vector for a
> given
> > entry can be stored with the entry. When an entry is needed, the
> > session key and the salt or the initialization vector are used
> > together to decrypt the entry.
>
> How is this supposed to work for the next session? I have these
> entries encrypted with a session key which no longer exists. How do
> I decrypt them now?

I think what he is saying is rather than store the cleartext password store it in memory encrypted for that session.

I still have to agree with a previous poster.. how did he find his password... did he search for his password? I'm not sure a hacker would be able to do that.

BOb

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719187

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 21:29:48 CEST

This message: [ Message body ]
Next message: Ron Wilson: "Re: Credentials held unencrypted in memory during runtime"
Previous message: Stefan Küng: "Re: SubWCRev and ternary keywords and $WCRANGE$ colon"
In reply to: David Huang: "Re: Credentials held unencrypted in memory during runtime"
Next in thread: Ron Wilson: "Re: Credentials held unencrypted in memory during runtime"
Reply: Ron Wilson: "Re: Credentials held unencrypted in memory during runtime"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]