SecureZeroMemory. Security for certain usages.
Tsume
tsume at code-exec.net
Sat Mar 5 07:01:25 PST 2005
Hello dfusers,
I can understand where Microsoft is coming from
with the usage of deleteing sensitive data in
memory. I've a difficult time explaining it to
people however. Would someone like to explain
in an easier detail why using memset to 0 is bad?
The point is to help prevent sensitive data
from reaching the swapfile and coredumps. However,
I'm having trouble explaining to some people.
Its also a known issue in GCC. There was a fellow
last year who informed and shows examples how the
code acted and they just 'blew him off'.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp
Thanks in advance,
TSUME
More information about the Users
mailing list