I am creating a c++ class that handles a username and password.
I was trying to do some research on some rudimentary, but effective practices for me to handle this information, in c++, so it can't be easily found by someone, for example, scanning memory and variables to determine the information.
By rudimentary, I mean something that would not take a lot of work; I don't want to program an entire cryptography library, random addressing system, or even a hashing function.
Also, i'm assuming it would be better to not even maintain this information in a variable, and get rid of it as soon as I do not need it?
Edit:
No, I would not be saving this information to disk, only keeping it in variables in memory.
Edit2:
The class is platform independent and uses boost.
Edit3:
here is the declaration for the function:
void authenticate(const std::string & user, const std::string & pass);
No rudimentary technique will protect a password from someone who has a debuger and can access the memory !
The safest way is therefore not to store the password, but only a hash of it. There are many implementations available as for example this open source one from a trusted source.
And yes, erase your variable when you no longer need it. I.E: OVERWRITE the value, not just destroy the variable (and if you want to be really on the safe side, you'd write random values on it, but that's overkill here):
If it's a string, it's worth mentionning VoidStars advice:
string pwd;
....
std::fill_n(&pwd[0], pwd.capacity()-1, 0xff); // really overwrite