lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <438CA29F.50709@parareal.net>
Date: Tue Nov 29 18:48:43 2005
From: sloik at parareal.net (Jaroslaw Sajko)
Subject: Google Talk cleartext credentials in process
	memory

Nasko Oskov wrote:

> If you want to protect the credentials in memory from dumps that go to
> Microsoft, why not use CryptProtectMemory() instead of home-grown
> obfuscation? This function encrypts the memory with a key that changes
> over reboots, so even if you send a dump to MS, they wouldn't know how
> to decrypt it.

Yes, it is possible.

regards,
js

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ