On Tue, 2002-12-17 at 10:49, mlw wrote:
> Christopher Kings-Lynne wrote:
>
> >Hi guys,
> >
> >Just a thought - do we explicitly wipe password strings from RAM after using
> >them?
> >
> >I just read an article (by MS in fact) that illustrates a cute problem.
> >Imagine you memset the password to zeros after using it. There is a good
> >chance that the compiler will simply remove the memset from the object code
> >as it will seem like it can be optimised away...
> >
> >Just wondering...
> >
> >Chris
> >
> >
> Could you post that link? That seems wrong, an explicit memset certainly
> changes the operation of the code, and thus should not be optimized away.
>
> >
> >
>
I'd like to see the link too.
I can imagine that it would be possible for it to optimize it away if
there wasn't an additional read/write access which followed. In other
words, why do what is more or less a no-op if it's never accessed again.
--
Greg Copeland <greg@copelandconsulting.net>
Copeland Computer Consulting