Re: [Dovecot] Re: password generation tool and additional hashes

27 Jul 2004


      On 27.7.2004, at 09:27, Alexander Sabourenkov wrote:
...
...
safe_memset() exists pretty much for this reason. Compilers may sooner
or later optimize out this kind of code because it seems useless to
it.
Microsoft's compilers already do in some cases.
That's called bzero() on *nix (POSIX.1).
Nope:
CONFORMING TO
4.3BSD.  This function is deprecated -- use memset in new
programs.
Also I just tested how gcc 3.3.3 works. In a function like:
void test(void)
{
char arr[4];
scanf("%3s", arr);
printf("your secure password: %s\n", arr);
bzero(arr, sizeof(arr));
memset(arr, 0, sizeof(arr));
}
Both bzero() and memset() are optimized away if optimizations are
turned on.

Re: [Dovecot] Re: password generation tool and additional hashes

Timo Sirainen