Bugtraq mailing list archives
Re: When scrubbing secrets in memory doesn't work
From: "Perry E. Metzger" <perry () piermont com>
Date: 05 Nov 2002 18:58:58 -0500
"Michael Howard" <mikehow () microsoft com> writes:
On the surface, this looks fine, until you look at the ASM output, and you see the call to memset has been removed by the optimizer because szPwd is not read once the function completes. Hence, the secret data is still floating in memory.
Thats why you have to declare such data volatile -- to prevent optimizers from becoming too anxious to help. -- Perry E. Metzger perry () piermont com
Current thread:
- When scrubbing secrets in memory doesn't work Michael Howard (Nov 05)
- Re: When scrubbing secrets in memory doesn't work Perry E. Metzger (Nov 05)
- Re: When scrubbing secrets in memory doesn't work Andy Polyakov (Nov 07)
- Re: When scrubbing secrets in memory doesn't work Gianni Tedesco (Nov 07)
- Re: When scrubbing secrets in memory doesn't work Valdis . Kletnieks (Nov 08)
- Re: When scrubbing secrets in memory doesn't work Michael Zimmermann (Nov 09)
- Re: When scrubbing secrets in memory doesn't work Jan Echternach (Nov 14)
- <Possible follow-ups>
- When scrubbing secrets in memory doesn't work Michael Howard (Nov 09)
- RE: When scrubbing secrets in memory doesn't work Michael Wojcik (Nov 12)
- RE: When scrubbing secrets in memory doesn't work Michael Wojcik (Nov 17)
- Re: When scrubbing secrets in memory doesn't work Nicholas Weaver (Nov 18)
- Re: When scrubbing secrets in memory doesn't work Richard Moore (Nov 20)
- Re: When scrubbing secrets in memory doesn't work Nicholas Weaver (Nov 18)
(Thread continues...)
- Re: When scrubbing secrets in memory doesn't work Perry E. Metzger (Nov 05)