[15611] in cryptography@c2.net mail archive
Re: Passwords can sit on disk for years
daemon@ATHENA.MIT.EDU (Ernst Lippe)
Mon Jun 14 16:24:26 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 14 Jun 2004 20:35:52 +0200
From: Ernst Lippe <ernstl@planet.nl>
In-reply-to: <EXCHMX2YixMwInhdAHx00001b7e@relay.lsuhsc.edu>
To: jdean@lsuhsc.edu, cryptography@metzdowd.com
Cc: ben@algroup.co.uk
On Monday 14 June 2004 13:31, jdean@lsuhsc.edu wrote:
> Ben Laurie wrote:
> > In OpenSSL we overwrite with random gunk for this reason.
>
> What? No compiler is smart enough to say, "The program
> sets these variables but they are never referenced again.
> I'll save time and not set them."
Most modern compilers can do flow analysis. The common case is
that the variable is a local variable in some function, and
even very simplistic flow analysis will detect the case that
a variable is "dead", i.e. that its value will never be used.
All operations on a dead variable, like overwriting its
value will be removed by the compiler.
The same is true for instance variables in most object-oriented
languages.
Ernst Lippe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
