Passwords can sit on disk for years
Ben Laurie
ben at algroup.co.uk
Mon Jun 21 07:40:54 EDT 2004
jdean at lsuhsc.edu wrote:
> Ben Laurie wrote:
>
>
>>In OpenSSL we overwrite with random gunk for this reason.
>
>
> What? No compiler is smart enough to say, "The program
> sets these variables but they are never referenced again.
> I'll save time and not set them."
Sure it is, here's gcc -O3:
main()
{
int a=3;
}
becomes:
.file "xx.c"
.version "01.01"
gcc2_compiled.:
.text
.p2align 2,0x90
.globl main
.type main, at function
main:
pushl %ebp
movl %esp,%ebp
leave
ret
.Lfe1:
.size main,.Lfe1-main
.ident "GCC: (GNU) c 2.95.4 20020320 [FreeBSD]"
look, ma, no variables!
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list