Re: Password security question

From: Greg Copeland <greg(at)CopelandConsulting(dot)Net>
To: mlw <pgsql(at)mohawksoft(dot)com>
Cc: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Password security question
Date: 2002-12-17 17:00:19
Message-ID: 1040144418.16087.152.camel@mouse.copelandconsulting.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers pgsql-hackers

On Tue, 2002-12-17 at 10:49, mlw wrote:
> Christopher Kings-Lynne wrote:
>
> >Hi guys,
> >
> >Just a thought - do we explicitly wipe password strings from RAM after using
> >them?
> >
> >I just read an article (by MS in fact) that illustrates a cute problem.
> >Imagine you memset the password to zeros after using it. There is a good
> >chance that the compiler will simply remove the memset from the object code
> >as it will seem like it can be optimised away...
> >
> >Just wondering...
> >
> >Chris
> >
> >
> Could you post that link? That seems wrong, an explicit memset certainly
> changes the operation of the code, and thus should not be optimized away.
>
> >
> >
>

I'd like to see the link too.

I can imagine that it would be possible for it to optimize it away if
there wasn't an additional read/write access which followed. In other
words, why do what is more or less a no-op if it's never accessed again.

--
Greg Copeland <greg(at)copelandconsulting(dot)net>
Copeland Computer Consulting

In response to

Responses

Browse pgsql-committers by date

  From Date Subject
Next Message Ken Hirsch 2002-12-17 17:11:21 Re: Password security question
Previous Message mlw 2002-12-17 16:49:47 Re: Password security question

Browse pgsql-hackers by date

  From Date Subject
Next Message Ken Hirsch 2002-12-17 17:11:21 Re: Password security question
Previous Message mlw 2002-12-17 16:49:47 Re: Password security question