...
Sensitive data that is stored in memory can be written to disk (see the next point on keeping sensitive data off disk) when a page is swapped out of physical memory. You may be able to "lock" your data to keep it from being swapped out. An unprivileged process can usually lock only a small amount of memory (on Linux, the soft RLIMIT_MEMLOCK limit), so locking may fail without administrative privileges, but it never hurts to try. Note what locking does and does not buy: mlock() keeps the pages out of swap, but not out of core dumps or a hibernation image, and the data remains in the freed memory afterwards unless it is erased before the buffer is released. Here is a simple way to lock memory when possible [1]:
```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Allocate numbytes and try to pin the pages in RAM so they are not
 * swapped to disk. Falls back to ordinary (unlocked) memory, with a
 * one-time warning, if mlock() fails. */
void *locking_alloc(size_t numbytes) {
    static short have_warned = 0;
    void *mem = malloc(numbytes);
    if (mem == NULL) {
        return NULL;  /* do not call mlock() on a failed allocation */
    }
    if (mlock(mem, numbytes) && !have_warned) {
        /* We probably do not have permission, or the locked-memory
         * limit would be exceeded (on Linux, RLIMIT_MEMLOCK). */
        fprintf(stderr, "Warning: Using insecure memory!\n");
        have_warned = 1;
    }
    return mem;
}
```
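The allocator above locks whatever page(s) malloc() happens to hand back, which may also hold unrelated heap data, and it has no matching release path. The following added example (not code from the original page or from reference [1]) shows the full lifecycle a practitioner would want: the secret gets its own private anonymous mapping, the pages are locked, on Linux the region is additionally excluded from core dumps with MADV_DONTDUMP, and the release routine erases the region before unlocking and unmapping it. The names secure_buf, secure_buf_alloc, secure_buf_free, secure_erase and memlock_limit_allows are this example's own; the "hunter2" secret in main() is a constructed sample value.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON  /* BSD/macOS spelling */
#endif

/* Erase through a volatile pointer so the compiler cannot discard the
 * stores as dead writes to memory that is about to be released. */
static void secure_erase(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0) {
        *vp++ = 0;
    }
}

struct secure_buf {
    void   *mem;     /* page-aligned mapping holding the secret */
    size_t  len;     /* bytes requested by the caller */
    size_t  mapped;  /* bytes actually mapped and locked (page multiple) */
    int     locked;  /* 1 if mlock() succeeded, else 0 */
};

/* Returns 1 if the soft RLIMIT_MEMLOCK allows `need` locked bytes. This is
 * only a hint: other locked mappings in the process count toward it too. */
static int memlock_limit_allows(size_t need) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0) {
        return 0;
    }
    return rl.rlim_cur == RLIM_INFINITY || (size_t)rl.rlim_cur >= need;
}

/* Map a private anonymous region for the secret instead of using malloc():
 * the secret then shares no page with unrelated heap data, and the whole
 * mapping is unmapped on release rather than recycled by the allocator.
 * Returns 0 on success, -1 if no memory could be obtained at all. */
static int secure_buf_alloc(struct secure_buf *sb, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) {
        return -1;
    }
    size_t mapped = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;
    void *mem = mmap(NULL, mapped, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) {
        return -1;
    }
    sb->mem = mem;
    sb->len = len;
    sb->mapped = mapped;
    /* Try to pin the pages; without privileges this may exceed the limit. */
    sb->locked = (mlock(mem, mapped) == 0);
    if (!sb->locked) {
        fprintf(stderr, "Warning: mlock failed%s; secret may be swapped out\n",
                memlock_limit_allows(mapped) ? "" : " (RLIMIT_MEMLOCK too low)");
    }
#ifdef MADV_DONTDUMP
    /* Linux only: also keep the region out of core dumps. */
    (void)madvise(mem, mapped, MADV_DONTDUMP);
#endif
    return 0;
}

/* Erase before unlocking and unmapping, so the plaintext is gone before the
 * physical pages can be reused or, once unlocked, written to swap. */
static void secure_buf_free(struct secure_buf *sb) {
    if (sb->mem == NULL) {
        return;
    }
    secure_erase(sb->mem, sb->mapped);
    if (sb->locked) {
        (void)munlock(sb->mem, sb->mapped);
    }
    (void)munmap(sb->mem, sb->mapped);
    sb->mem = NULL;
    sb->len = sb->mapped = 0;
    sb->locked = 0;
}

int main(void) {
    struct secure_buf sb;
    if (secure_buf_alloc(&sb, 64) != 0) {
        return 1;
    }
    /* Constructed sample secret; a real program reads it from the user. */
    strcpy((char *)sb.mem, "hunter2");
    printf("locked=%d mapped=%zu bytes\n", sb.locked, sb.mapped);
    secure_buf_free(&sb);
    return 0;
}
```

The warning path deliberately keeps running with unlocked memory, as the page's locking_alloc() does; a program that must not run with swappable secrets should treat `sb.locked == 0` as a hard error instead.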
...
See MEM06-C. Ensure that sensitive data is not written out to disk.
When handling passwords, consider storing a hash of the password rather than the plaintext, and use the hash for comparisons and any other purpose. The plaintext is then needed only long enough to compute the hash and can be erased immediately afterwards. The following code [1] illustrates this:
```c
#include <string.h>

/* read_password(), compute_checksum(), erase() and get_stored_checksum()
 * are helpers assumed to be provided elsewhere. Only the hash of the
 * password is ever compared; the plaintext is wiped as soon as the hash
 * has been computed. */
int validate(char *username) {
    char *password;
    char *checksum;
    password = read_password();
    checksum = compute_checksum(password);
    erase(password);   /* plaintext is no longer needed */
    /* strcmp() stops at the first differing byte; use a constant-time
     * comparison where the timing of a rejected login must not leak. */
    return !strcmp(checksum, get_stored_checksum(username));
}
```
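The snippet above leaves three details to the helpers: that erase() really clears the buffer (a plain memset() before the buffer goes out of scope is often removed by the compiler), that the comparison does not leak timing, and how the stored checksum is produced. The added example below (this editor's code, not the page's or reference [1]'s) fills those in: secure_erase() writes through a volatile pointer, ct_equal() compares all bytes regardless of where they differ, and register_user()/validate() follow the page's hash-then-erase-then-compare sequence. hash_password() is a labelled stand-in (salted 64-bit FNV-1a) so the block runs without a crypto library; it is not a password hash and in real code is replaced by Argon2id, scrypt or PBKDF2 from a vetted library, as the bullets below require. The user "alice", her salt and the passwords in main() are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 128  /* largest password the read buffer accepts */

/* Erase through a volatile pointer so the compiler cannot drop the stores
 * as dead writes to a buffer that is never read again. */
static void secure_erase(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0) {
        *vp++ = 0;
    }
}

/* Constant-time equality: always touches all n bytes, so the time taken
 * does not reveal how long a prefix of the two checksums matched. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* STAND-IN for compute_checksum(): 64-bit FNV-1a mixed with a per-user salt.
 * It is NOT a password hash (fast, no memory cost); in real code call
 * Argon2id, scrypt or PBKDF2 from a vetted library here. The surrounding
 * erase-then-compare flow is the same whichever hash is used. */
static uint64_t hash_password(const char *pw, size_t len, uint64_t salt) {
    uint64_t h = 14695981039346656037ULL ^ salt;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)pw[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* What the user database holds: never the plaintext, only salt + checksum. */
struct user_record {
    const char *username;
    uint64_t salt;
    uint64_t checksum;
};

/* Registration: hash the password once, then erase the plaintext. */
static void register_user(struct user_record *rec, const char *username,
                          char *password, size_t pw_len, uint64_t salt) {
    rec->username = username;
    rec->salt = salt;
    rec->checksum = hash_password(password, pw_len, salt);
    secure_erase(password, pw_len);
}

/* Login: same sequence as the page's validate(): hash, erase the plaintext
 * immediately, compare only checksums. Returns 1 on a match, 0 otherwise. */
static int validate(const struct user_record *rec, char *password, size_t pw_len) {
    uint64_t checksum = hash_password(password, pw_len, rec->salt);
    secure_erase(password, pw_len);           /* plaintext no longer needed */
    int ok = ct_equal((const unsigned char *)&checksum,
                      (const unsigned char *)&rec->checksum, sizeof checksum);
    secure_erase(&checksum, sizeof checksum); /* transient hash is sensitive too */
    return ok;
}

int main(void) {
    /* Constructed sample input standing in for read_password(). */
    char pw[PW_MAX] = "correct horse";
    struct user_record alice;
    register_user(&alice, "alice", pw, strlen(pw), 0x5a1700d5ULL);

    char attempt[PW_MAX] = "correct horse";
    int ok = validate(&alice, attempt, strlen(attempt));
    /* After validate() the buffer that held the plaintext is all zero. */
    printf("login %s; attempt buffer erased: %s\n",
           ok ? "accepted" : "rejected", attempt[0] == '\0' ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Note that the length is taken with strlen() before the call, because the buffer is zeroed inside register_user() and validate(); the caller must not touch the plaintext again afterwards.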
...
- If encrypting or hashing sensitive data, do not implement your own encryption functions or library. Use proven crypto libraries that have been extensively tested for security.
- If using standard crypto libraries, be aware that there are requirements (documented with the library) for key sizes and other properties. Choose keys that satisfy these conditions.
- Do not store the encryption keys. You can derive the key from the user's password with a key derivation function, or by another cryptographic mechanism, provided the condition in 6.3 above holds. If a key must be stored, store it securely.
...
Risk Assessment
If sensitive data is not handled correctly in a program, an attacker can gain access to it.
...
Other Languages
References
[1] John Viega, Protecting sensitive data in memory, http://www.cgisecurity.com/lib/protecting-sensitive-data.html, Feb 2001
[2] US DoD Standard 5220.22-M, http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc
[3] Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory, http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, July 1996
[4] Richard Lewis, Security considerations when handling sensitive data, http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html
[MSDN] EncodePointer(), http://msdn.microsoft.com/en-us/library/bb432254(VS.85).aspx; DecodePointer(), http://msdn.microsoft.com/en-us/library/bb432242(VS.85).aspx