An article by Michael Howard (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp) points out that when memset used to clear sensitive information like keys out of RAM, the memset (or equivalent code) can be optimized away by the compiler.
He proposes three possible solutions: * Touch the memory after the memset * Replace memset with code that is not optimizable * Turn off optimizations for the secret clearing code Two of these solutions involved using the keyword volatile. A discussion on vuln-dev takes this further (I found it at http://online.securityfocus.com/archive/82/298061/2002-10-28/2002-11-03/1) and serious doubt is cast on using volatile. No 100% clear solution emerges. This seems fairly serious and I see plain old memset used in OpenSSL to remove sensitive data. Some combination of volatile, external memory clearing function, and filling with volatile data (like the time) might be sufficient. Comments from any of the developers? __________________________________________________ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
