Password cache in memory

csharpmania · November 3, 2012, 11:55pm

Hi,
I can see warning from TrustConnect. Message on end of this text. What should i do to protect and encrytp all of my network traffic from others ?

Warning Message which i got :
"this configuration may cache passwords in memory – use the auth-nocache option "

dlimonov · November 5, 2012, 7:55am

Hi,
This option is used for user’s convenience to prolong the session automatically.
If you disable this option you would have to re-enter your password
every 30 minutes because the TLS ciphers need to be renewed.
The password is stored in TrustConnect memory space, which is unlikely to be accessible
for viruses and other malware.

kama50 · April 25, 2013, 8:04pm

I am interested in getting further clarification on the meaning of:

WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this

In the previous post, it implies that the purpose is just to keep one logged in, and I suppose logged into TrustConnect. However, if that is the case, then shouldn’t there only be ONE password to worry about? Why is the comment referring to multiple passwords?

It sure would be nice to know exactly who is caching this information, where, and why. After all, the whole purpose is for security, so when you see a message like this, it doesn’t make one feel warm and fuzzy.

dlimonov · April 26, 2013, 7:33am

If –auth-nocache isn’t specified, TrustConnect saves the username/password in memory.
That means that, if the connection is lost and TrustConnect needs to reconnect (which it usually does automatically), it won’t have to ask you - it will retrieve username/password from memory and send them to the server automatically, without bothering you.
WARNING: this configuration may cache passwords in memory… - this is just a warning that means it would be theoretically possible to steal your password, should someone have access to your virtual memory (windows pagefile). It’s very unlikely.
Directive –auth-nocache should be used to prevent cache password in memory. If specified, this directive will cause TrustConnect to immediately forget username/password inputs after they are used.
As a result, when TrustConnect needs a username/password, it will prompt for input from stdin, which may be multiple times during the duration of an TrustConnect session.

However, if that is the case, then shouldn't there only be ONE password to worry about?

This refers to only one password.