Usage of memset to eradicate string content

Michael Stahl mstahl at
Thu Aug 23 13:37:13 PDT 2012

On 23/08/12 22:15, Tor Lillqvist wrote:
> But if the password is used to load or save encrypted documents, then
> the contents of the document (which the so carefully erased password
> protects) is loaded into memory in plain-text, and is equally readable
> by an adversary that has access to the virtual memory of your process,
> and might get paged out to disk. So what's the win?

That is true for the document that is protected by the password.
But in practice that same password may not only give access to that one
document, but also let an attacker do other nefarious things like log on
to twitter and impersonate the user's cat.

