Re: Is memcpy secure?

From: Peter Pichler (pichlo7_at_pobox.sk)
Date: 01/11/04


Date: Sun, 11 Jan 2004 22:15:16 -0000


"Christian Bau" <christian.bau@cbau.freeserve.co.uk> wrote...
> (Olga Sayenko) wrote:
> > I am trying to make sure that my data doesn't show up anywhere outside
> > my process unencrypted. I am concerned that if I use memcpy, the bytes
> > copied will end up in some memory somewhere after I am done with it.
> > Am I being paranoid?
>
> Yes, but are you paranoid enough?
>
> Seriously, memcpy will not be a special case. It won't do anything that
> straightforward C code couldn't do. I would be more worried about the
> data that was in a memory block that gets free()d.

Or indeed in any memory block, full stop. *Any* memory can be swapped to
a harddisk, for example.