Greg Copeland wrote:
On Tue, 2002-12-17 at 10:49, mlw wrote:
Christopher Kings-Lynne wrote:
Hi guys,
Just a thought - do we explicitly wipe password strings from RAM after using
them?
I just read an article (by MS in fact) that illustrates a cute problem.
Imagine you memset the password to zeros after using it. There is a good
chance that the compiler will simply remove the memset from the object code
as it will seem like it can be optimised away...
Just wondering...
Chris
Could you post that link? That seems wrong, an explicit memset certainly
changes the operation of the code, and thus should not be optimized away.
I'd like to see the link too.
I can imagine that it would be possible for it to optimize it away if
there wasn't an additional read/write access which followed. In other
words, why do what is more or less a no-op if it's never accessed again.
It has been my experience that the MSC optimizer uses a patented
Heisenberg optimizer. :)
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
