Author: | tera-insights |
---|---|
Official Page: | Go to website |
Publish Date: | January 15, 2016 |
License: | MIT |
Description:
Secure implementation of password field. Stores password in a UInt8Array instead of string which can be wiped out securely. Uses key-presses as opposed to input fields.
Using ng-model stores the password string in memory. Clearing the ngModel via myPasswordString=” “; leaves the original entry in raw memory until the garbage collector kicks in (which cannot be invoked manually). So I used a combination of keyboardEvents to edit a Uint8Array and ng-repeats to simulate a full-sized password input field. Using Uint8Arrays allows direct memory access that can be more securely cleared.