[27720] in bugtraq


Re: When scrubbing secrets in memory doesn't work

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Nov 5 19:29:12 2002

To: "Michael Howard" <mikehow@microsoft.com>
From: "Perry E. Metzger" <perry@piermont.com>
Date: 05 Nov 2002 18:58:58 -0500
In-Reply-To: <4B0F3B603558B44B9F4608630B4F641105356B8E@red-msg-06.redmond.corp.microsoft.com>
Message-ID: <87k7jrd0vx.fsf@snark.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


"Michael Howard" <mikehow@microsoft.com> writes:
> On the surface, this looks fine, until you look at the ASM output, and
> you see the call to memset has been removed by the optimizer because
> szPwd is not read once the function completes. Hence, the secret data is
> still floating in memory.

That's why you have to declare such data volatile -- to prevent
optimizers from becoming too anxious to help.

-- 
Perry E. Metzger		perry@piermont.com
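
Added example, not part of the original message: one way to apply the advice above, with the buffer declared volatile and cleared by a loop of volatile stores instead of memset. The names scrub, count_nonzero and use_secret and the sample input are made up for illustration; szPwd is the buffer name from the quoted text.

```c
#include <stddef.h>
#include <stdio.h>

/* Zero len bytes of a volatile buffer. Every store is a volatile access,
 * so the compiler has to emit it even if nothing reads the buffer later. */
static void scrub(volatile unsigned char *p, size_t len)
{
    while (len--)
        *p++ = 0;
}

/* Count nonzero bytes; only used to check the result of scrub(). */
static size_t count_nonzero(const volatile unsigned char *p, size_t len)
{
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}

/* Shape of the function in the thread: a secret sits in a local buffer
 * that is cleared just before return. Because szPwd is volatile it is
 * filled and read with plain loops; strcpy/memset take non-volatile
 * pointers. *left reports how many nonzero bytes remain after scrub(). */
static unsigned use_secret(const char *secret, size_t *left)
{
    volatile unsigned char szPwd[64];
    unsigned sum = 0;
    size_t i, n = 0;

    while (n < sizeof szPwd - 1 && secret[n] != '\0') {
        szPwd[n] = (unsigned char)secret[n];
        n++;
    }
    for (i = 0; i < n; i++)
        sum += szPwd[i];          /* toy use of the secret */

    scrub(szPwd, sizeof szPwd);
    *left = count_nonzero(szPwd, sizeof szPwd);
    return sum;
}

int main(void)
{
    size_t left;
    unsigned sum = use_secret("constructed-sample", &left); /* constructed input */
    printf("checksum=%u nonzero_after_scrub=%zu\n", sum, left);
    return 0;
}
```

To see the difference the thread describes, compile with optimization and compare the assembly with a variant that uses a non-volatile buffer and memset.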
