From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <3E105E3E.2030900@attbi.com>
From: AUSTIN WOODARD
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
MIME-Version: 1.0
To: 9fans@cse.psu.edu
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [9fans] securing memory during password processing
Date: Mon, 30 Dec 2002 09:54:54 -0500
Topicbox-Message-UUID: 39f49f5e-eacb-11e9-9e20-41e7f4b1d025

Dear Rob Pike,

Hi - my name is Austin Woodard. I was reading the P9 Security paper at the Bell Labs site and came across an unsolved problem of encryption keys being left in memory and their being vulnerable to recovery by a system reset using a debugger.

Why not use temporary allocated space in memory for their use and then delete at end of use by filling that space with all 0's or FF's? This would seem to make for more secure use of password and key handling. Although this process may add time to the running of the process, it would seem necessary to prevent unwanted intrusions into one's computer.

My e-mail address is arwbutch@attbi.com and I would appreciate a reply if you have time. Thanks for taking the time to consider this e-mail.

--- Austin
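
Added example, not part of the message above and not Plan 9 code: the suggestion written out in C, copying a password into temporary heap space and zero-filling that space before it is released. The names secure_wipe, secret_matches, check_password and residue_after_wipe are hypothetical, and the volatile write loop is an assumption about how to keep the compiler from discarding the zero fill.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Zero n bytes at p. Stores through a volatile pointer cannot be dropped as
 * "dead", which can happen to a plain memset() right before free(). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Hypothetical consumer of the secret: compares without an early exit. */
static int secret_matches(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Copy the typed password into temporary heap space, use it, wipe the copy,
 * then free it. Returns 1 on match, 0 on mismatch, -1 if malloc fails. */
int check_password(const char *typed, const unsigned char *expected, size_t expected_len)
{
    size_t n = strlen(typed);
    unsigned char *tmp = malloc(n ? n : 1);
    int ok;
    if (tmp == NULL)
        return -1;
    memcpy(tmp, typed, n);
    ok = (n == expected_len) && secret_matches(tmp, expected, n);
    secure_wipe(tmp, n);   /* the zero fill happens on every path before free */
    free(tmp);
    return ok;
}

/* Self-check on a constructed buffer: fill, wipe, count non-zero bytes left. */
size_t residue_after_wipe(void)
{
    unsigned char buf[32];
    size_t left = 0;
    memset(buf, 0xA5, sizeof buf);
    secure_wipe(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++)
        left += (buf[i] != 0);
    return left;
}
```

The wipe covers only this temporary copy; the caller's typed string and any other copies of the secret need the same treatment.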