From RISKS: secret scrubbing code removed by optimizers

Darren Tucker dtucker at zip.com.au
Fri Nov 8 09:34:59 EST 2002


This showed up in RISKS and no one has mentioned it here yet, so..

OpenSSH contains lots of code like:

char *password = read_passphrase(prompt, 0);
[do stuff]
memset(password, 0, strlen(password));
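
Added example, not part of the original post and not OpenSSH code: the pattern above next to one common hardened form, which calls memset through a volatile function pointer. The names scrub(), sample_passphrase(), handle_plain() and handle_scrubbed() and the sample passphrase are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Call memset through a volatile function pointer: the pointer must be
 * loaded at run time, so the call cannot be proven dead and removed.
 * scrub() is a name chosen for this example. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;

void scrub(void *p, size_t n)
{
    if (p != NULL && n > 0)
        memset_fn(p, 0, n);
}

/* Constructed stand-in for read_passphrase(): heap copy of a sample string. */
static char *sample_passphrase(void)
{
    const char *s = "correct horse battery staple";
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Pattern from the post: nothing reads the buffer after memset(), so the
 * store is dead and an optimizer may delete it. Returns the length. */
size_t handle_plain(void)
{
    char *password = sample_passphrase();
    if (password == NULL) return 0;
    size_t len = strlen(password);
    memset(password, 0, len);
    free(password);
    return len;
}

/* Hardened form. Returns the count of non-zero bytes left before free()
 * (0 = fully scrubbed), or -1 if allocation failed. The read-back loop
 * exists only so the result can be checked. */
int handle_scrubbed(void)
{
    char *password = sample_passphrase();
    if (password == NULL) return -1;
    size_t len = strlen(password);   /* length taken before scrubbing */
    scrub(password, len);
    int left = 0;
    for (size_t i = 0; i < len; i++) left += (password[i] != 0);
    free(password);
    return left;
}

int main(void) { return handle_scrubbed() == 0 ? 0 : 1; }
```

Where the platform provides explicit_bzero() (glibc, the BSDs) or C11 Annex K memset_s(), prefer those over a hand-rolled scrub.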


