At 10:50 AM -0800 11/7/02, Matt Blaze wrote:
>> At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
>> >Regardless of whether one uses "volatile" or a pragma, the basic point
>> >remains: cryptographic application writers have to be aware of what a
>> >clever compiler can do, so that they know to take countermeasures.
>>
>> Wouldn't a crypto coder be using paranoid-programming
>> skills, like *checking* that the memory is actually zeroed?
>> (Ie, read it back..) I suppose that caching could still
>> deceive you though?
>
>And, of course, the very act of putting in the check could cause a compiler
>to not optimize out the zeroize code. (Writing a proper test program for
>such behavior is very difficult).
>
>Like most programming language discussions, it's hard to tell whether the
>arguments support writing critical code languages that abstract at a
>higher level or a lower level.
Back in the early days of compiler benchmarks, one fancy compiler noticed that the result of a lengthy calculation wasn't being used, and dutifully removed the calculations. That calculation was, of course, the kernel of the benchmark. The solution was to print the result.

You would probably be safer filling the area with the output of the rand() function, and then calculating the sum of the words in the area. If you can pass the sum to an externally compiled function even better. (Of course this procedure doesn't leave the area zero.)

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz       | The principal effect of | Periwinkle -- Consulting
(408)356-8506     | DMCA/SDMI is to prevent | 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.               | Los Gatos, CA 95032, USA
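An added example (not from Bill's message or anyone else in the thread) showing the two defensive pieces discussed above in C: zeroing through a `volatile` pointer, as Bellovin's "volatile" remark suggests (plus the equivalent trick of calling memset through a volatile function pointer), followed by Blaze's read-back check done with volatile reads so the check itself cannot be folded away. All function names are my own.

```c
#include <stddef.h>
#include <string.h>

/* Zero a buffer through a volatile pointer. Each store is a volatile
 * access, so the compiler must emit it even though nothing in the
 * program reads the buffer afterwards (the dead-store case the thread
 * is about: a plain memset() here may legally be removed). */
void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Alternative: call memset via a volatile function pointer. The
 * compiler can no longer prove which function runs, so it cannot use
 * its built-in knowledge of memset() to delete the call. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void secure_zero_fnptr(void *buf, size_t len)
{
    memset_ptr(buf, 0, len);
}

/* Read-back check: OR every byte together using volatile reads, so the
 * loads are really performed. Returns 1 if all bytes are zero, else 0. */
int verify_zeroed(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    unsigned char acc = 0;
    while (len--)
        acc |= *p++;
    return acc == 0;
}

/* Typical use: a key lives on the stack, is used, then wiped before the
 * function returns. The 0xA5 fill is a constructed stand-in for key
 * material, not a real key. */
int wipe_key_and_check(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);
    /* ... the key would be used here ... */
    secure_zero(key, sizeof key);
    return verify_zeroed(key, sizeof key);
}

/* Same flow with the function-pointer variant. */
int wipe_key_fnptr_and_check(void)
{
    unsigned char key[16];
    memset(key, 0x5A, sizeof key);
    secure_zero_fnptr(key, sizeof key);
    return verify_zeroed(key, sizeof key);
}
```

Note that neither variant does anything about copies the compiler or CPU may have placed in registers, spill slots or caches; it only guarantees the stores to this buffer are issued.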
