[15605] in cryptography@c2.net mail archive


Re: Passwords can sit on disk for years

daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jun 14 13:19:25 2004

X-Original-To: cryptography@metzdowd.com
Date: Mon, 14 Jun 2004 12:19:34 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: jdean@lsuhsc.edu
Cc: cryptography@metzdowd.com, cryptography23094893@aquick.org
In-Reply-To: <EXCHMX2yfyz5b6KZmcK00004c8d@relay.lsuhsc.edu>

jdean@lsuhsc.edu wrote:

> And of course, the article didn't get it right.  Because of optimizing 
> compilers, it is *not* trivial to zero passwords.

In OpenSSL we overwrite with random gunk for this reason.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
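
Added example, not part of the original message and not OpenSSL's code: a C sketch of the problem the thread describes, with a plain memset wipe beside two variants that write through a volatile-qualified pointer. The function names, the fill sequence and the sample password are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive wipe: once inlined into a caller whose buffer is dead afterwards,
 * the memset is a dead store and an optimizing compiler may remove it. */
void wipe_naive(void *buf, size_t len) {
    memset(buf, 0, len);
}

/* Stores through a volatile-qualified lvalue are treated as observable
 * by mainstream compilers, so each byte is actually written. */
void wipe_volatile(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Non-zero fill, in the spirit of the "random gunk" in the message.
 * The byte sequence is a fixed stand-in chosen for this example. */
void wipe_pattern(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    unsigned char fill = 0x5a;
    while (len--) {
        fill = (unsigned char)(fill * 17u + 63u);
        *p++ = fill;
    }
}

/* Accumulate with OR so every byte is inspected. */
int is_all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Returns 1 when the volatile wipe left no password bytes behind. */
int wipe_demo(void) {
    unsigned char pw[32] = "constructed-sample-password"; /* constructed input */
    wipe_volatile(pw, sizeof pw);
    return is_all_zero(pw, sizeof pw);
}

int main(void) {
    printf("wiped: %d\n", wipe_demo());
    return 0;
}
```

Where the platform provides one, a library routine specified not to be optimized away (explicit_bzero on glibc and the BSDs, memset_s from C11 Annex K) serves the same purpose.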
