Re: Passwords can sit on disk for years
On Monday 14 June 2004 13:31, [EMAIL PROTECTED] wrote: Ben Laurie wrote: In OpenSSL we overwrite with random gunk for this reason. What? No compiler is smart enough to say, The program sets these variables but they are never referenced again. I'll save time and not set them. Most modern compilers can do flow analysis. The common case is that the variable is a local variable in some function, and even very simplistic flow analysis will detect the case that a variable is dead, i.e. that its value will never be used. All operations on a dead variable, like overwriting its value will be removed by the compiler. The same is true for instance variables in most object-oriented languages. Ernst Lippe - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
On Mon, 15 Dec 2003 19:02:06 -0500 (EST) Jerrold Leichter [EMAIL PROTECTED] wrote: However, this advantage is there only because there are so few smart cards, and so few smart card enabled applications, around. It is not really true that there are so few smartcards. Almost every mobile phone contains one (the SIM module is a smartcard). Also the situation in Europe is quite different from the USA. Electronic purses on smart cards are pretty common here, especially in France and the Netherlands, where most adults have at least one. But it is true that there are only very few smart card enabled applications. I have worked on several projects for multifunctional use of these smart cards and almost all of them were complete failures. Ernst Lippe - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]