Re: More on in-memory zeroisation

Thread: Re: More on in-memory zeroisation

Search this list only Search all lists
Re: More on in-memory zeroisation
	2007-12-17 05:48:27
On Sun, Dec 09, 2007 at 07:16:22PM +1300, Peter Gutmann wrote: > There was a discussion on this list a year or two back about problems in using > memset() to zeroise in-memory data, specifically the fact that optimising > compilers would remove a memset() on (apparently) dead data in the belief that > it wasn't serving any purpose. Actually this problem was discussed five years ago (October 2002) on the vuln-dev mailing list: http://www.securityfocus.com/archive/82/297827/30/0/ threaded http://msdn2.microsoft.com/en-us/library/ms972826.aspx If the problem also was discussed here on the cryptography list a year or two ago, I am afraid that my memory of this either has been zeroized, or has been detected not to serve any purpose. Bodo ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

Re: More on in-memory zeroisation
New Zealand	2007-12-17 05:52:13
Bodo Moeller <bmoelleracm.org> writes: >On Sun, Dec 09, 2007 at 07:16:22PM +1300, Peter Gutmann wrote: >> There was a discussion on this list a year or two back about problems in using >> memset() to zeroise in-memory data, specifically the fact that optimising >> compilers would remove a memset() on (apparently) dead data in the belief that >> it wasn't serving any purpose. > >Actually this problem was discussed five years ago (October 2002) on the >vuln-dev mailing list: When I said "a year or two" I meant for large values of two. Peter. ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )