I am creating a console application that would store some sensitive strings in memory, to be sent to the other client. In this case it is almost like a secure messenger (a few percent insecurity would be acceptable), although not as complex.
Would accepting user input with (a function to accept one letter at a time for processing purposes such as finding key letters) into a portion of memory that is allocated be completely insecure, in terms of not being protected from other processes that may spy?
I am tempted to encode each character before sending it off to the string, although that seems a bit silly. Are there any methods to “lock” access to that malloc (at least to trivial attempts at memory viewing) or similar techniques to secure the string in memory?
Thank you.
I am open to many ideas; currently I am just planning.
If you want true security in terms of preventing anyone from seeing what you have stored in memory then encrypting (or at least, obfuscating) each character as you read it is the way to go. Otherwise there is very little you can do to prevent a determined attacker from viewing your plaintext data in memory. In fact, I believe the Blu-ray master key was cracked due to a device that loaded an unencrypted representation of the key into its memory.
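As an added example (not code from either poster), here is one way to handle the "lock that malloc" part of the question on a POSIX system such as Linux: allocate the buffer once, pin it with `mlock()` so it is never written to swap, append one character at a time, and wipe it before freeing. The `secret_buf` type and the `secret_*` and `secure_wipe` names are hypothetical; `mlock()` keeps the pages out of swap but does not stop a debugger or privileged process from reading them.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* exposes mlock() under strict -std= modes */
#endif
#include <stdlib.h>
#include <sys/mman.h>

/* Hypothetical helper type: fixed-capacity buffer for one secret string. */
typedef struct { unsigned char *data; size_t len, cap; int locked; } secret_buf;

/* Zero through a volatile pointer so the optimizer cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate once and try to pin the pages so they are never written to swap. */
static int secret_init(secret_buf *s, size_t cap) {
    s->data = calloc(1, cap);
    if (!s->data) return -1;
    s->len = 0; s->cap = cap;
    s->locked = (mlock(s->data, cap) == 0);   /* can fail under RLIMIT_MEMLOCK */
    return 0;
}

/* Append one character. No realloc: growing would leave an unwiped old copy. */
static int secret_push(secret_buf *s, unsigned char c) {
    if (s->len + 1 >= s->cap) return -1;      /* keep room for the NUL */
    s->data[s->len++] = c;
    return 0;
}

/* Wipe, unlock and free. Returns 1 if the whole buffer read back as zero. */
static int secret_destroy(secret_buf *s) {
    int clean = 1;
    secure_wipe(s->data, s->cap);
    for (size_t i = 0; i < s->cap; i++) if (s->data[i]) clean = 0;
    if (s->locked) munlock(s->data, s->cap);
    free(s->data);
    s->data = NULL; s->len = s->cap = 0;
    return clean;
}

int main(void) {
    secret_buf s;
    const char *typed = "hunter2";            /* constructed sample input */
    if (secret_init(&s, 32) != 0) return 1;
    for (size_t i = 0; typed[i]; i++) secret_push(&s, (unsigned char)typed[i]);
    return secret_destroy(&s) ? 0 : 1;        /* 0 when the wipe was verified */
}
```

The per-character obfuscation suggested in the answer would go inside `secret_push`, before the byte is stored.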