Greg Copeland wrote:
>On Tue, 2002-12-17 at 10:49, mlw wrote:
>
>
>>Christopher Kings-Lynne wrote:
>>
>>
>>
>>>Hi guys,
>>>
>>>Just a thought - do we explicitly wipe password strings from RAM after using
>>>them?
>>>
>>>I just read an article (by MS in fact) that illustrates a cute problem.
>>>Imagine you memset the password to zeros after using it. There is a good
>>>chance that the compiler will simply remove the memset from the object code
>>>as it will seem like it can be optimised away...
>>>
>>>Just wondering...
>>>
>>>Chris
>>>
>>>
>>>
>>>
>>Could you post that link? That seems wrong, an explicit memset certainly
>>changes the operation of the code, and thus should not be optimized away.
>>
>>
>>
>>>
>>>
>>>
>>>
>
>I'd like to see the link too.
>
>I can imagine that it would be possible for it to optimize it away if
>there wasn't an additional read/write access which followed. In other
>words, why do what is more or less a no-op if it's never accessed again.
>
>
It has been my experience that the MSC optimizer uses a patented
Heisenberg optimizer. :)
>
>
>