More on in-memory zeroisation

Bodo Moeller bmoeller at
Mon Dec 17 06:48:27 EST 2007

On Sun, Dec 09, 2007 at 07:16:22PM +1300, Peter Gutmann wrote:

> There was a discussion on this list a year or two back about problems in using
> memset() to zeroise in-memory data, specifically the fact that optimising
> compilers would remove a memset() on (apparently) dead data in the belief that
> it wasn't serving any purpose.

Actually this problem was discussed five years ago (October 2002) on
the vuln-dev mailing list:

If the problem also was discussed here on the cryptography list a year
or two ago, I am afraid that my memory of this either has been zeroized,
or has been detected not to serve any purpose.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list