Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Re: Password security question
On Tue, 2002-12-17 at 10:49, mlw wrote: > Christopher Kings-Lynne wrote: > > >Hi guys, > > > >Just a thought - do we explicitly wipe password strings from RAM after using > >them? > > > >I just read an article (by MS in fact) that illustrates a cute problem. > >Imagine you memset the password to zeros after using it. There is a good > >chance that the compiler will simply remove the memset from the object code > >as it will seem like it can be optimised away... > > > >Just wondering... > > > >Chris > > > > > Could you post that link? That seems wrong, an explicit memset certainly > changes the operation of the code, and thus should not be optimized away. > > > > > > I'd like to see the link too. I can imagine that it would be possible for it to optimize it away if there wasn't an additional read/write access which followed. In other words, why do what is more or less a no-op if it's never accessed again. -- Greg Copeland <greg(at)copelandconsulting(dot)net> Copeland Computer Consulting
In response to
- Re: Password security question at 2002-12-17 16:49:47 from mlw
Responses
- Re: Password security question at 2002-12-17 17:11:21 from Ken Hirsch
- Re: Password security question at 2002-12-17 18:30:21 from mlw
pgsql-hackers by date
Next: From: Ken Hirsch Date: 2002-12-17 17:11:21 Subject: Re: Password security question Previous: From: mlw Date: 2002-12-17 16:49:47 Subject: Re: Password security question
pgsql-committers by date
Next: From: Ken Hirsch Date: 2002-12-17 17:11:21 Subject: Re: Password security question Previous: From: mlw Date: 2002-12-17 16:49:47 Subject: Re: Password security question