On Thu, Apr 10, 2014 at 10:09:10AM -0700, Scott G. Kelly wrote: > Does heartbleed allow one to read (discarded, freed) physical memory > containing data from the OS and/or other processes in linux?
Yes. It doesn't clear memory when it is freed, so you may end up allocating memory that has old content in it, perhaps even from swap. This is why you should clear your memory that contained secret data before freeing it, and preferably keep secrets in locked memory. B. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
