[Cryptography] Construction of cryptographic software.
Krisztián Pintér
pinterkr at gmail.com
Wed Dec 3 12:14:51 EST 2014
Anton Titov (at Wednesday, December 3, 2014, 10:28:43 AM):
> Are you aware of any OS that will pass free-d pages to another program
> without zeroing them out first?
short answer: no
long answer: win95 family did
however, a similar issue is paging. and windows happily writes
anything into the page file, and leaves it there indefinitely.
hybernation works in a similar manner.
another similar issue is old office versions putting unused memory in
saved documents. obviously, it can't leak secrets in other processes,
but can leak database passwords, or passwords of other documents
handled in the same session. office does not do that anymore, but
other programs might.
More information about the cryptography
mailing list