1

How can I retrieve a password from user input in Lua in a way that it can securely be deleted from memory after the program is done using the password?

This is a followup to: lua aes encryption

How can I convert a password to hexadecimals in lua?

A simple example would be:

"pass" becomes {0x70,0x61,0x73,0x73}

Community
  • 1
  • 1
user1058431
  • 185
  • 1
  • 3
  • 12

1 Answers1

1

What do you mean by "hexadecimals"? Do you want to convert pass to a string containing #pass*2 hexadecimal characters? Then you want this:

function toHex(s)
    return (string.gsub(s, ".", function (c)
        return string.format("%02X", string.byte(c))
      end))
end
print(toHex('password')) --> 70617373776F7264

Or do you want a table of numbers, where each number is one character code (byte)? Then you want this:

function toBytes(s)
    return {string.byte(s, 1, #s)}
end
print(table.concat(toBytes('password'), ',')) --> 112,97,115,115,119,111,114,100
Michal Kottman
  • 16,375
  • 3
  • 47
  • 62
  • Thanks for replying. But what I mean is basically create a "char" table in lua. Which is supposed to get zerod after using it thus erasing it from memory so that the password cannot be retrieved. Because lua uses immutable strings, this is a problem because it can "easily" be retrieved. Tables are "mutable" so hence the reason for choosing a table. But I cannot use strings. I hope it clarifies it a bit. It comes from the followup topic. – user1058431 Jan 29 '12 at 21:23
  • Then you would want to use a variant of the second form. Note that what is important is how the user enters the password - if you use simple read from stdin, unless you read by bytes you will already have the string in memory. – Michal Kottman Jan 29 '12 at 21:26
  • Yes that is a problem as well. But thanks for the solution. I will try it out. – user1058431 Jan 29 '12 at 21:49