SecureZeroMemory. Security for certain usages.

[Tsume <tsume@xxxxxxxxxxxxx>]

Hello dfusers,

I can understand where Microsoft is coming from
with the usage of deleteing sensitive data in
memory. I've a difficult time explaining it to
people however. Would someone like to explain
in an easier detail why using memset to 0 is bad?

The point is to help prevent sensitive data
from reaching the swapfile and coredumps. However,
I'm having trouble explaining to some people.
Its also a known issue in GCC. There was a fellow
last year who informed and shows examples how the
code acted and they just 'blew him off'.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp

Thanks in advance,

TSUME