OpenBSD has the explicit_bzero function to reliably (i.e. even if not observable in the C abstract machine) overwrite memory with zeroes.
WG14 is currently considering adding similar functionality to C2X. Considered options include: * A function like explicit_bzero or memset_explicit, that overwrites the memory with a known value. * A function like memclear, that overwrites the memory in an implementation-defined manner, possibly using random data. Is there a rationale why OpenBSD went with their explicit_bzero design? Were alternatives considered and rejected? Philipp
