- Subject: Re: Avoiding having sensitive strings interned
- From: Luiz Henrique de Figueiredo <lhf@...>
- Date: Wed, 7 Nov 2012 16:24:11 -0200
> I'm working on a web framework for Lua and I want to implement some sort of
> functionality that allows passwords to be verified without them ever
> actually being used in Lua, so they aren't interned then forever stored in
> memory.
Store a digest of each password instead of the password itself.
Send passwords to Lua as numbers (i.e. the raw bytes).
In Lua convert each byte to a single-char string and update a digest.
At the end compare the computed digest with the stored digest.
My md5 library supports several digests and supports updates.
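
The steps in the reply above, as an added example that is not part of the original post and does not use the author's library. The `next_byte` host interface and all function names are assumptions, and the Adler-32 checksum is only a stand-in so the sketch runs without a C module; substitute a real cryptographic digest that supports incremental updates.

```lua
-- Stand-in incremental digest (Adler-32 checksum), used only so this example
-- runs without a C module. It is NOT cryptographic: replace it with a real
-- digest object that supports per-chunk updates.
local function new_digest()
  local a, b = 1, 0
  local d = {}
  function d.update(ch)              -- ch is a one-character string
    a = (a + ch:byte()) % 65521
    b = (b + a) % 65521
  end
  function d.finish()                -- hex form of the final state
    return string.format("%04x%04x", b, a)
  end
  return d
end

-- Hypothetical host interface: next_byte() returns the next password byte as
-- a number, or nil at the end. The password is never assembled into one Lua
-- string, so the full secret is never interned.
local function digest_from_bytes(next_byte)
  local d = new_digest()
  for byte in next_byte do
    d.update(string.char(byte))      -- only a single-char string is created
  end
  return d.finish()
end

-- Compare the computed digest with the stored digest.
local function verify(next_byte, stored_digest)
  return digest_from_bytes(next_byte) == stored_digest
end

-- Constructed sample input: byte values as a C host might hand them over.
local function feeder(bytes)
  local i = 0
  return function() i = i + 1; return bytes[i] end
end

local enrolled = {104, 117, 110, 116, 101, 114, 50}
local wrong    = {104, 117, 110, 116, 101, 114, 51}
local stored   = digest_from_bytes(feeder(enrolled))  -- what gets stored

print("matching bytes accepted:", verify(feeder(enrolled), stored))
print("different bytes accepted:", verify(feeder(wrong), stored))
```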