Hello, we are making a program and part of it needs to be protected by a password. The password will be modifiable, saved to disk, loaded from disk to RAM, and kept in RAM to compare to user entry.
I haven't had occasion to research this much, so I'm looking for some pointers: what are the ways to design this (very typical mechanism) to be cyber-secure, aka hacker-proof?
Of course when we save the password to disk we will encrypt it somehow, and also disguise it as part of something else (i.e., we will not have a config file called "password.txt"). But I also have heard that hackers have ways to get at passwords when they are stored in RAM at login time for comparison purposes (don't know precise details, but I presumed it had to do with using buffer overrun exploits and the like to get chunks of RAM, and then somehow they deduce the password data).
Anyway, I'm looking for ideas on protecting both (a) the disk storage and (b) the loading/using in RAM -- unless someone can convince me that I was sold a bill of goods and hackers can't get the RAM.
Thanks for any thoughts or (specific as possible) research pointers for this.
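As an added example (not part of the original post), one standard way to implement the set/save/load/compare mechanism described above without ever storing or holding the plaintext password: keep only a random salt and a slow, iterated hash on disk, and compare in constant time at login. The PBKDF2 parameters, the JSON record layout and the file mode are this example's own assumptions.

```python
import hashlib
import hmac
import json
import os
import secrets
from pathlib import Path

# Assumed parameters (not from the original post): PBKDF2-HMAC-SHA256,
# a random 16-byte salt and a plain JSON record. The plaintext password is
# never written to disk and is not kept between logins; only salt + hash are.
ITERATIONS = 600_000
SALT_LEN = 16

def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow, salted derivation: the stored value cannot be reversed, only guessed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)

def make_record(password: str) -> dict:
    """Called when the password is first set or later changed; returns what is saved."""
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt every time the password changes
    return {
        "kdf": "pbkdf2-sha256",
        "iterations": ITERATIONS,
        "salt": salt.hex(),
        "hash": derive(password, salt).hex(),
    }

def save_record(record: dict, path: Path) -> None:
    """Persist the record; restrict the file to the owning account."""
    path.write_text(json.dumps(record))
    os.chmod(path, 0o600)

def load_record(path: Path) -> dict:
    return json.loads(path.read_text())

def verify(record: dict, attempt: str) -> bool:
    """Re-derive from the attempt and compare without an early exit on mismatch."""
    candidate = derive(attempt, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        auth_file = Path(tmp) / "auth.json"   # constructed sample path
        save_record(make_record("correct horse"), auth_file)
        rec = load_record(auth_file)
        print(verify(rec, "correct horse"), verify(rec, "wrong"))  # True False
```

The disguised-filename idea from the post adds nothing here: with a salted slow hash, an attacker who reads the file still has to guess the password, and a memory read during login sees only the attempt being checked, not a stored secret.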