Passwords can sit on disk for years

Ben Laurie ben at algroup.co.uk
Mon Jun 21 07:40:54 EDT 2004


jdean at lsuhsc.edu wrote:

> Ben Laurie wrote:
> 
> 
>>In OpenSSL we overwrite with random gunk for this reason.
> 
> 
> What?  No compiler is smart enough to say, "The program
> sets these variables but they are never referenced again.
> I'll save time and not set them."

Sure it is, here's gcc -O3:

main()
     {
     int a=3;
     }

becomes:

         .file   "xx.c"
         .version        "01.01"
gcc2_compiled.:
.text
         .p2align 2,0x90
.globl main
                 .type            main,@function
main:
         pushl %ebp
         movl %esp,%ebp
         leave
         ret
.Lfe1:
                 .size            main,.Lfe1-main
         .ident  "GCC: (GNU) c 2.95.4 20020320 [FreeBSD]"

look, ma, no variables!

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
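
Added example, not part of the original post and not OpenSSL's code: the same dead-store elimination applied to a password buffer, with a wipe the optimizer keeps. The function names are hypothetical, "hunter2" is a constructed sample value, and the wipe writes zeros rather than random data.

```c
#include <stddef.h>
#include <string.h>

/* Weak: buf is never read after the memset, so the call is a dead store
   and an optimizing compiler may delete it, like "int a=3" in the post. */
size_t handle_weak(const char *pw)
{
    char buf[64];
    size_t n;
    strncpy(buf, pw, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    n = strlen(buf);              /* stand-in for real use of the secret */
    memset(buf, 0, sizeof buf);   /* may not survive optimization */
    return n;
}

/* Each store goes through a volatile-qualified lvalue, which compilers
   treat as an observable side effect and therefore keep. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/* Hardened: same logic, but the wipe cannot be dropped as dead code. */
size_t handle_hardened(const char *pw)
{
    char buf[64];
    size_t n;
    strncpy(buf, pw, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    n = strlen(buf);              /* stand-in for real use of the secret */
    secure_wipe(buf, sizeof buf);
    return n;
}

/* Count bytes that are still nonzero; used to check a wipe. */
size_t nonzero_bytes(const unsigned char *p, size_t n)
{
    size_t c = 0;
    while (n--)
        c += (*p++ != 0);
    return c;
}

int main(void)
{
    return handle_weak("hunter2") == handle_hardened("hunter2") ? 0 : 1;
}
```

Compiling with gcc -O2 -S and comparing the assembly of the two handle_ functions shows whether the memset call was kept.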


