Re: More on in-memory zeroisation
On Tue, 11 Dec 2007, Leichter, Jerry wrote: You can almost, but not quite, get the desired effect for memory zero- ization with volatile. I thought that this was guaranteed to work: volatile char buf[SIZE]; /* ... do stuff with buf ... */ memset(buf, 0, sizeof(buf)); --apb (Alan Barrett) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: ID theft -- so what?
On Fri, 22 Jul 2005, Jerrold Leichter wrote: The banks, operating through the clearing agents, could if they wished impose a requirement on the way names appear in billing statements, regardless of how the names appear on contracts. Alternatively, they could at least require that an end-user-familiar name be made available in whatever database records all merchants, which the banks obviously have access to. A bank once told me that it was impossible for them to convert from an unintelligible name on a credit card statement into any other kind of name whatsoever (and certainly not into an end-user-familiar name), and impossible for them to show me a copy of any document whatsoever that might be related to the charge; however, they said that if I repudiated the charge, then they could get a copy of the voucher or other documents. So I repudiated the charge, but the bank was still unable or unwilling to show me the promised copies of relevant documents. The merchant eventually contacted me about the repudiated charge. --apb (Alan Barrett) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
On Sat, 23 Oct 2004, Aaron Whitehouse wrote: Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it. How much difference is there, practically, between this and using a smartcard credit card in an external reader with a keypad? Aside from the weight of the 'computer' in your pocket... The risks of using *somebody else's keypad* to type passwords or instructions to your smartcard, or using *somebody else's display* to view output that is intended to be private, should be obvious. --apb (Alan Barrett) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]