> At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
> >Regardless of whether one uses "volatile" or a pragma, the basic point
> >remains: cryptographic application writers have to be aware of what a
> >clever compiler can do, so that they know to take countermeasures.
>
> Wouldn't a crypto coder be using paranoid-programming
> skills, like *checking* that the memory is actually zeroed?
> (Ie, read it back..) I suppose that caching could still
> deceive you though?

And, of course, the very act of putting in the check could cause a compiler to not optimize out the zeroize code. (Writing a proper test program for such behavior is very difficult.) Like most programming language discussions, it's hard to tell whether the arguments support writing critical code languages that abstract at a higher level or a lower level.

> I've read about some Olde Time programmers
> who, given flaky hardware (or maybe software),
> would do this in non-crypto but very important apps.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
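
The "volatile" countermeasure and the read-back check discussed in this thread, as an added C example that is not code from any of the posters. The function names, the 32-byte buffer and the passphrase input are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Zeroize through a volatile-qualified pointer. Compilers in practice treat
 * each store through a volatile lvalue as a required side effect, so the
 * loop is not removed as a dead store the way a trailing memset() can be. */
void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* The "read it back" check. The reads are volatile too, so the compiler
 * cannot answer from what it believes it just stored. Returns 1 if every
 * byte is zero. This only inspects this buffer: it says nothing about
 * copies left in registers, spilled temporaries or other memory. */
int is_zeroed(const void *buf, size_t len)
{
    const volatile unsigned char *p = buf;
    unsigned char acc = 0;
    while (len--)
        acc |= *p++;
    return acc == 0;
}

/* Hypothetical caller: key material lives in a stack buffer that is never
 * read again after use, which is exactly the case where an optimizer may
 * drop a plain memset(key, 0, sizeof key) before the return. */
int use_key_and_wipe(const char *passphrase)
{
    unsigned char key[32];
    size_t n = strlen(passphrase);
    if (n > sizeof key)
        n = sizeof key;
    memset(key, 0xA5, sizeof key);   /* constructed filler bytes */
    memcpy(key, passphrase, n);
    /* ... the key would be used here ... */
    secure_zero(key, sizeof key);
    return is_zeroed(key, sizeof key);
}

int main(void)
{
    return use_key_and_wipe("constructed sample passphrase") ? 0 : 1;
}
```

As the reply above points out, adding the read-back itself changes what the optimizer sees, so a passing check does not show that an unchecked build would have kept the wipe.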