[13705] in cryptography@c2.net mail archive
Re: Draft Edition of LibTomMath book
daemon@ATHENA.MIT.EDU (tom st denis)
Wed Jun 25 23:38:15 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 25 Jun 2003 16:37:35 -0700 (PDT)
From: tom st denis <tomstdenis@yahoo.com>
To: cryptography@metzdowd.com
In-Reply-To: <Pine.LNX.4.40.0306251631150.3381-100000@bolt.sonic.net>
--- bear <bear@sonic.net> wrote:
> One thing that I've noticed for a long time is that there
> are *VERY* few math libraries that don't leave whatever
> numbers they're working with in memory when deallocating
> (deallocating heap via free() or deallocating stack via
> returning from a procedure call or deallocating swapspace
> by getting paged back in off a disk).
>
> And numbers that an application leaves lying around in
> whatever working memory or media it's using, can be
> discovered and exploited by other programs - frequently
> by unauthorized ones.
Very true. LibTomMath will actually wipe the memory allocated [via
memset] before free'ing but I leave it up to the end user to lock their
heap from swapping.
Tom
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
