Thu Nov 2 09:08:48 EST 2006
"clearing sensitive information such as encryption keys from memory may
not work as expected because an optimising compiler removes the memset()
if it decides it's redundant."
"When compiled with any level of optimisation using gcc, the key
clearing call goes away because of dead code elimination."
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev