See the thread "use of memset and optimization" in the krbdev list archives, starting 7 November 2002, also reported on the RISKS, cryptography and cypherpunks lists. When freeing key data, we should first zap the contents, with something better than memset since gcc can optimize that away in certain cases. A memset call with a pointer to volatile should be sufficient, though we probably don't want all key data to be volatile everywhere. Changing krb5_free_keyblock isn't enough; we should also zap key schedules, ASN.1 buffers that hold key data, etc.
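The zeroing step described above, as an added example that is not code from the krb5 source tree. It uses a byte-wise store loop through a volatile-qualified pointer rather than a memset call, and the struct and all `demo_` names are hypothetical stand-ins for a keyblock and a key schedule.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical key container for this example; not the krb5 keyblock type. */
struct demo_key {
    size_t length;
    unsigned char *contents;
};

/* Overwrite len bytes with zero. Each store goes through a volatile-qualified
 * lvalue, which gcc and clang treat as a side effect they do not delete, even
 * when the buffer is never read again (the dead-store case where a plain
 * memset() just before free() can be removed). */
static void demo_zap(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--)
        *p++ = 0;
}

/* Zero the key bytes first, then release them and reset the caller's struct. */
static void demo_free_key_contents(struct demo_key *key)
{
    if (key == NULL)
        return;
    if (key->contents != NULL) {
        demo_zap(key->contents, key->length);
        free(key->contents);
    }
    key->contents = NULL;
    key->length = 0;
}

/* Constructed check: fill a stack buffer standing in for a key schedule,
 * zap it, and return how many nonzero bytes remain. */
static size_t demo_residue_after_zap(void)
{
    unsigned char schedule[32];
    size_t i, nonzero = 0;
    memset(schedule, 0xA5, sizeof schedule);
    demo_zap(schedule, sizeof schedule);
    for (i = 0; i < sizeof schedule; i++)
        nonzero += (schedule[i] != 0);
    return nonzero;
}

int main(void)
{
    struct demo_key k = { 16, malloc(16) };
    if (k.contents == NULL) return 1;
    memset(k.contents, 0x5A, k.length);   /* constructed key bytes */
    demo_free_key_contents(&k);
    return (demo_residue_after_zap() == 0 && k.contents == NULL) ? 0 : 1;
}
```

Only the pointer inside `demo_zap` is volatile-qualified, so the key data itself does not need to be declared volatile anywhere else.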