In message <[EMAIL PROTECTED]> on Fri, 22 Nov 2002 23:28:27 +1100, mlh
<[EMAIL PROTECTED]> said:
mlh> Rich Salz wrote:
mlh> >>I still see it as a problem, since the data then
mlh> >>potentially sticks around for a longer time, and is therefore
mlh> >>retrievable for anyone who cracked root if that would happen.
mlh> >
mlh> >
mlh> > Anyone who can crack root will just install a trojan openssl library,
mlh> > anyway. Seems little point in holding up a release for this.
mlh> > /r$
mlh>
mlh> Agreed. It's not even clear you can prevent this
mlh> sort of optimisation.
I thought making a memset() look-alike (somewhere in the discussion,
"setmem()" was proposed) was enough to prevent it. No?
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
