More on in-memory zeroisation
Bodo Moeller
bmoeller at acm.org
Mon Dec 17 06:48:27 EST 2007
On Sun, Dec 09, 2007 at 07:16:22PM +1300, Peter Gutmann wrote:
> There was a discussion on this list a year or two back about problems in using
> memset() to zeroise in-memory data, specifically the fact that optimising
> compilers would remove a memset() on (apparently) dead data in the belief that
> it wasn't serving any purpose.
Actually this problem was discussed five years ago (October 2002) on
the vuln-dev mailing list:
http://www.securityfocus.com/archive/82/297827/30/0/threaded
http://msdn2.microsoft.com/en-us/library/ms972826.aspx
If the problem also was discussed here on the cryptography list a year
or two ago, I am afraid that my memory of this either has been zeroized,
or has been detected not to serve any purpose.
Bodo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list