Thanks! I just read through it and couldn't really reach a
conclusion. The section above lists non-portable or "clumsy"
solutions.
In the comments, Douglas A. Gwyn suggested a simple:
memset((volatile char *)pwd, 0, sizeof(pwd));
Unless I'm mistaken, this SHOULD work. Then again, it
should also give you a warning...
I believe that solution is able to be optimized out as well (see the comment in the C99 solution). memset_s (C11) and SecureZeroMemory (MSVC) are the two standards compliant ways that guarantee they won't be optimized out.
I believe that solution is able to be optimized out as well (see the comment in the C99 solution). memset_s (C11) and SecureZeroMemory (MSVC) are the two standards compliant ways that guarantee they won't be optimized out.
Unfortunately, memet_s() is part of Annex K (which is an optional
Annex that has not been widely adopted) and SecureZeroMemory() is a
Win32-only API. It's too bad that the standard library maintainers
have been so hostile towards Annex K because this is not a trivial
problem to solve in a portable manner without implementation
collusion.
~Aaron