In message <[EMAIL PROTECTED]>, Peter Gutmann writes
:
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile"
>> keyword is for.
>
>No it isn't. This was done to death on vuln-dev, see the list archives for
>the discussion.
>
>[Moderator's note: I'd be curious to hear a summary -- it appears to
>work fine on the compilers I've tested. --Perry]
>
Regardless of whether one uses "volatile" or a pragma, the basic point
remains: cryptographic application writers have to be aware of what a
clever compiler can do, so that they know to take countermeasures.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
