Thread: Password security question

Password security question

From
"Christopher Kings-Lynne"
Date:
Hi guys,

Just a thought - do we explicitly wipe password strings from RAM after using
them?

I just read an article (by MS in fact) that illustrates a cute problem.
Imagine you memset the password to zeros after using it.  There is a good
chance that the compiler will simply remove the memset from the object code
as it will seem like it can be optimised away...

Just wondering...

Chris



Re: Password security question

From
Gavin Sherry
Date:
On Tue, 17 Dec 2002, Christopher Kings-Lynne wrote:

> Hi guys,
> 
> Just a thought - do we explicitly wipe password strings from RAM after using
> them?
> 
> I just read an article (by MS in fact) that illustrates a cute problem.
> Imagine you memset the password to zeros after using it.  There is a good
> chance that the compiler will simply remove the memset from the object code
> as it will seem like it can be optimised away...

Bugtraq discussion claims that GCC >=3 are not affected by this. Variables
which are affected by code that cannot be optimised away should be marked
volatile anyway.

Gavin



Re: Password security question

From
mlw
Date:

Christopher Kings-Lynne wrote:

>Hi guys,
>
>Just a thought - do we explicitly wipe password strings from RAM after using
>them?
>
>I just read an article (by MS in fact) that illustrates a cute problem.
>Imagine you memset the password to zeros after using it.  There is a good
>chance that the compiler will simply remove the memset from the object code
>as it will seem like it can be optimised away...
>
>Just wondering...
>
>Chris
>
Could you post that link? That seems wrong, an explicit memset certainly 
changes the operation of the code, and thus should not be optimized away.





Re: Password security question

From
Greg Copeland
Date:
On Tue, 2002-12-17 at 10:49, mlw wrote:
> Christopher Kings-Lynne wrote:
> 
> >Hi guys,
> >
> >Just a thought - do we explicitly wipe password strings from RAM after using
> >them?
> >
> >I just read an article (by MS in fact) that illustrates a cute problem.
> >Imagine you memset the password to zeros after using it.  There is a good
> >chance that the compiler will simply remove the memset from the object code
> >as it will seem like it can be optimised away...
> >
> >Just wondering...
> >
> >Chris
> >
> Could you post that link? That seems wrong, an explicit memset certainly 
> changes the operation of the code, and thus should not be optimized away.
> 

I'd like to see the link too.

I can imagine that it would be possible for it to optimize it away if
there wasn't an additional read/write access which followed.  In other
words, why do what is more or less a no-op if it's never accessed again.


-- 
Greg Copeland <greg@copelandconsulting.net>
Copeland Computer Consulting
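
The dead-store case described in this message, with a wipe the optimiser keeps, as an added example that is not part of the original thread or of PostgreSQL's code. `PW_MAX`, `secure_wipe`, `is_wiped` and `check_password` are hypothetical names, and the password string is a constructed sample.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 64   /* assumed maximum password length for this example */

/* Zero a buffer through a volatile-qualified pointer. Every store is then a
 * volatile access, which mainstream compilers do not delete as a dead store
 * even though the buffer is never read again. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Returns 1 if every byte of buf is zero; used to verify a wipe. */
static int is_wiped(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Hypothetical check: copy the supplied password into a local buffer, compare,
 * then wipe the copy. A plain memset(tmp, 0, sizeof tmp) at the marked line is
 * the pattern from the thread: tmp is dead afterwards, so it may be removed. */
static int check_password(const char *supplied, const char *expected)
{
    char tmp[PW_MAX];
    size_t n = strlen(supplied);
    int ok;

    if (n >= sizeof tmp)
        return 0;                      /* too long: rejected, nothing copied */
    memcpy(tmp, supplied, n + 1);
    ok = (strcmp(tmp, expected) == 0); /* not constant-time; kept simple */
    secure_wipe(tmp, sizeof tmp);      /* marked line: survives optimisation */
    return ok;
}

int main(void)
{
    char pw[PW_MAX] = "constructed-sample";  /* constructed sample value */
    int ok = check_password(pw, "constructed-sample");
    secure_wipe(pw, sizeof pw);
    return (ok && is_wiped(pw, sizeof pw)) ? 0 : 1;
}
```

Where the platform provides one, a dedicated primitive such as `explicit_bzero`, C11 Annex K `memset_s` or Windows `SecureZeroMemory` serves the same purpose as the hand-written loop.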



Re: Password security question

From
Greg Copeland
Date:
On Tue, 2002-12-17 at 11:11, Ken Hirsch wrote:
> http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp


Thanks.  Seems I hit the nail on the head.  ;)


-- 
Greg Copeland <greg@copelandconsulting.net>
Copeland Computer Consulting



Re: Password security question

From
mlw
Date:

Ken Hirsch wrote:

>http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp
>
Well, OK, that isn't as bizarre as one could have expected.





Re: Password security question

From
mlw
Date:

Greg Copeland wrote:

>On Tue, 2002-12-17 at 10:49, mlw wrote:
>
>>Christopher Kings-Lynne wrote:
>>
>>>Hi guys,
>>>
>>>Just a thought - do we explicitly wipe password strings from RAM after using
>>>them?
>>>
>>>I just read an article (by MS in fact) that illustrates a cute problem.
>>>Imagine you memset the password to zeros after using it.  There is a good
>>>chance that the compiler will simply remove the memset from the object code
>>>as it will seem like it can be optimised away...
>>>
>>>Just wondering...
>>>
>>>Chris
>>>
>>Could you post that link? That seems wrong, an explicit memset certainly 
>>changes the operation of the code, and thus should not be optimized away.
>>
>
>I'd like to see the link too.
>
>I can imagine that it would be possible for it to optimize it away if
>there wasn't an additional read/write access which followed.  In other
>words, why do what is more or less a no-op if it's never accessed again.
>
It has been my experience that the MSC optimizer uses a patented 
Heisenberg optimizer. :)
