Re: [HACKERS] Password security question

2002-12-17 Thread mlw
Greg Copeland wrote: On Tue, 2002-12-17 at 10:49, mlw wrote: Christopher Kings-Lynne wrote: Hi guys, Just a thought - do we explicitly wipe password strings from RAM after using them? I just read an article (by MS in fact) that illustrates a cute problem. Imagine you memset the passw

Re: [HACKERS] Password security question

2002-12-17 Thread mlw
Ken Hirsch wrote: http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp Well, OK, that isn't as bizarre as one could have expected. ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster

Re: [HACKERS] Password security question

2002-12-17 Thread Greg Copeland
On Tue, 2002-12-17 at 11:11, Ken Hirsch wrote: > http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp > > > ---(end of broadcast)--- > TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED] Thanks. Seems I hit the nai

Re: [HACKERS] Password security question

2002-12-17 Thread Ken Hirsch
http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Re: [HACKERS] Password security question

2002-12-17 Thread Greg Copeland
On Tue, 2002-12-17 at 10:49, mlw wrote: > Christopher Kings-Lynne wrote: > > >Hi guys, > > > >Just a thought - do we explicitly wipe password strings from RAM after using > >them? > > > >I just read an article (by MS in fact) that illustrates a cute problem. > >Imagine you memset the password to z

Re: [HACKERS] Password security question

2002-12-17 Thread mlw
Christopher Kings-Lynne wrote: Hi guys, Just a thought - do we explicitly wipe password strings from RAM after using them? I just read an article (by MS in fact) that illustrates a cute problem. Imagine you memset the password to zeros after using it. There is a good chance that the compiler

Re: [HACKERS] Password security question

2002-12-16 Thread Gavin Sherry
On Tue, 17 Dec 2002, Christopher Kings-Lynne wrote: > Hi guys, > > Just a thought - do we explicitly wipe password strings from RAM after using > them? > > I just read an article (by MS in fact) that illustrates a cute problem. > Imagine you memset the password to zeros after using it. There is

[HACKERS] Password security question

2002-12-16 Thread Christopher Kings-Lynne
Hi guys, Just a thought - do we explicitly wipe password strings from RAM after using them? I just read an article (by MS in fact) that illustrates a cute problem. Imagine you memset the password to zeros after using it. There is a good chance that the compiler will simply remove the memset from