SecureZeroMemory. Security for certain usages.

Tsume tsume at code-exec.net
Sat Mar 5 07:01:25 PST 2005


Hello dfusers,

I can understand where Microsoft is coming from
with the usage of deleting sensitive data in
memory. I have a difficult time explaining it to
people, however. Would someone like to explain
in easier detail why using memset to 0 is bad?
The point is to help prevent sensitive data
from reaching the swapfile and coredumps. However,
I'm having trouble explaining it to some people.
It's also a known issue in GCC. There was a fellow
last year who informed them and showed examples of how the
code acted, and they just 'blew him off'.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp

Thanks in advance,

TSUME
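
Added example (not part of the original post, and not Microsoft's or GCC's code): a `memset` on a buffer that is never read again is a dead store, which an optimizing compiler is allowed to delete, so the wipe can vanish from the built binary. The names `secure_zero`, `SAMPLE_SECRET`, `checksum`, `use_secret_weak` and `use_secret_hardened` are hypothetical; the volatile-pointer loop is one common way to write a wipe the compiler keeps.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample secret, for illustration only. */
static const char SAMPLE_SECRET[] = "constructed-sample-passphrase";

/* Hypothetical helper: each store goes through a volatile lvalue, so the
 * compiler has to emit it even though the buffer is never read again. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Toy checksum standing in for whatever really consumes the secret. */
static unsigned checksum(const char *s, size_t n)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum = sum * 31u + (unsigned char)s[i];
    return sum;
}

/* Weak: buf is dead after the memset, so an optimizing build may drop the
 * call as a dead store and leave the secret in the stack frame. */
unsigned use_secret_weak(void)
{
    char buf[64];
    memcpy(buf, SAMPLE_SECRET, sizeof SAMPLE_SECRET);
    unsigned sum = checksum(buf, sizeof SAMPLE_SECRET);
    memset(buf, 0, sizeof buf);
    return sum;
}

/* Hardened: same logic, but the wipe is made of volatile stores that the
 * compiler must keep. */
unsigned use_secret_hardened(void)
{
    char buf[64];
    memcpy(buf, SAMPLE_SECRET, sizeof SAMPLE_SECRET);
    unsigned sum = checksum(buf, sizeof SAMPLE_SECRET);
    secure_zero(buf, sizeof buf);
    return sum;
}
```

Compiling this with optimization and reading the generated assembly (for example `gcc -O2 -S`) shows whether the `memset` call in `use_secret_weak` survived, while the zeroing loop in `use_secret_hardened` remains.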




