"Frederick Roeber" <[EMAIL PROTECTED]> schreef > > [was] special care was taken to avoid that the private key shows > > up plain-text in memory ? > > Yes, it was. Look at the code: the memory is explicitly zeroed after > use. > > In Stan, it even went to the point that the memory management calls -- > nss_ZAlloc, nss_ZFreeIf, nss_ZRealloc -- are only available in "zero the > memory" variants (that's what the "Z" is for). > > Of course, do note that if someone has the ability to scan your > program's memory, you are already in trouble. If your operating system > makes you particularly vulnerable, you should be aware that you are > particularly vulnerable.
Frederick, thanks for your reply. Tom.
