[EMAIL PROTECTED] wrote:
And of course, the article didn't get it right. Because of optimizing compilers, it is *not* trivial to zero passwords.
In OpenSSL we overwrite with random gunk for this reason.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]