More on in-memory zeroisation

Peter Gutmann pgut001 at
Mon Dec 17 06:52:13 EST 2007

Bodo Moeller <bmoeller at> writes:
>On Sun, Dec 09, 2007 at 07:16:22PM +1300, Peter Gutmann wrote:
>> There was a discussion on this list a year or two back about problems in using
>> memset() to zeroise in-memory data, specifically the fact that optimising
>> compilers would remove a memset() on (apparently) dead data in the belief that
>> it wasn't serving any purpose.
>Actually this problem was discussed five years ago (October 2002) on the
>vuln-dev mailing list:

When I said "a year or two" I meant for large values of two.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list