Usage of memset to eradicate string content
Tor Lillqvist
tml at iki.fi
Thu Aug 23 14:23:21 PDT 2012
> that is true for the document that is protected by the password.
> but in practice that same password may not only give access to that one
> document, but also let an attacker do other nefarious things like log on
> to twitter and impersonate the user's cat.
>
Hmm, but why use password-protected documents only for yourself? No idea,
but isn't it more likely that such documents are passed between *several*
people? Thus making it less likely one would use some important personal
password to protect it? Unless one also wants the other people to be able
to impersonate oneself on twitter etc. But whatever, sure, if there is a
strong feeling that erasing password strings from memory does improve
"security", I am not going to argue any more. Especially as I guess we want
to avoid giving any impression that we would be intentionally weakening
"security", real or not... that would be bad publicity.
--tml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120824/249cd80d/attachment.html>
More information about the LibreOffice
mailing list