In message <[EMAIL PROTECTED]>, Peter Gutmann writes : >>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile" >> keyword is for. > >No it isn't. This was done to death on vuln-dev, see the list archives for >the discussion. > >[Moderator's note: I'd be curious to hear a summary -- it appears to >work fine on the compilers I've tested. --Perry] > Regardless of whether one uses "volatile" or a pragma, the basic point remains: cryptographic application writers have to be aware of what a clever compiler can do, so that they know to take countermeasures.
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)