Christopher Kings-Lynne wrote:
>Hi guys,
>
>Just a thought - do we explicitly wipe password strings from RAM after using
>them?
>
>I just read an article (by MS in fact) that illustrates a cute problem.
>Imagine you memset the password to zeros after using it. There is a good
>chance that the compiler will simply remove the memset from the object code
>as it will seem like it can be optimised away...
>
>Just wondering...
>
>Chris
>
>
Could you post that link? That seems wrong, an explicit memset certainly
changes the operation of the code, and thus should not be optimized away.
>
>