George Staikos staikos at
Fri Nov 5 12:42:08 GMT 2004

On Thursday 04 November 2004 19:06, Ingo Klöcker wrote:
> > I notice the careful attention to using a char* for storing the
> > password, but is this really necessary?  I think QString is perfectly
> > acceptable - we have many other ways people can steal passwords from
> > memory anyway.
> Does the operating system clean memory pages after they are freed or
> before they are alloc'ed? If not, then an attacker could simply alloc
> memory and search it for freed passwords. By using char* this threat
> can be countered by zeroing the password before the memory is freed.
> The other threat is that passwords are written to the swap partition.
> This can only be countered by using mlock'ed char* memory. mlocking
> QString is impossible (unless you or Qt writes QSecureString).

  That's cool, we can provide a mechanism to prevent people from stealing 
passwords of out KPasswordDialog and instead force them to steal it from 
whatever uses KPasswordDialog. :)   Really.....  I know the argument you're 
making and I think it's rather pointless for this.  If someone needs a 
KSecuredButNotVeryUserFriendlyOri18nCompatiblePasswordDialog, they can use a 
separate one or a fork of the existing one made more secure.

George Staikos
KDE Developer
Staikos Computing Services Inc.

More information about the kde-core-devel mailing list