[Dovecot] Re: password generation tool and additional hashes
Timo Sirainen
tss at iki.fi
Tue Jul 27 09:51:57 EEST 2004
On 27.7.2004, at 09:27, Alexander Sabourenkov wrote:
>> safe_memset() exists pretty much for this reason. Compilers may sooner
>> or later optimize out this kind of code because it seems useless to
>> it.
>> Microsoft's compilers already do in some cases.
>
> That's called bzero() on *nix (POSIX.1).
Nope:
CONFORMING TO
4.3BSD. This function is deprecated -- use memset in new
programs.
Also I just tested how gcc 3.3.3 works. In a function like:
void test(void)
{
char arr[4];
scanf("%3s", arr);
printf("your secure password: %s\n", arr);
bzero(arr, sizeof(arr));
memset(arr, 0, sizeof(arr));
}
Both bzero() and memset() are optimized away if optimizations are
turned on.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040727/d9dfad88/attachment-0001.bin>
More information about the dovecot
mailing list