Don Davis writes:
* the c99 standard and its predecessors don't
at all intend "volatile" to mean what we naively
think it means. specifically, in the hands of a
high-end compiler developer, the spec's statement:
"any expression referring to [a volatile]
object
At 3:07 PM +1300 11/7/02, Peter Gutmann wrote:
>> [Moderator's note: FYI: no "pragma" is needed.
>> This is what C's "volatile" keyword is for.
>
> No it isn't. This was done to death on vuln-dev,
> see the list archives for the discussion.
>
> [Moderator's note: I'd be curious to hear a summary
David Honig <[EMAIL PROTECTED]> writes:
>Wouldn't a crypto coder be using paranoid-programming skills, like
>*checking* that the memory is actually zeroed? (Ie, read it back..)
>I suppose that caching could still deceive you though?
You can't, in general, assume the compiler won't optimise this
On Thu, 7 Nov 2002, Arnold G. Reinhold wrote:
> Date: Thu, 7 Nov 2002 16:17:48 -0500
> From: Arnold G. Reinhold <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DOS attack on WPA 802.11?
>
> The new Wi-Fi Protected Access scheme (WPA), designed to replace the
> discredited WEP encryption f
As the designer of Michael and the countermeasures I think I should respond.
At 16:17 07/11/02 -0500, Arnold G. Reinhold wrote:
>The new Wi-Fi Protected Access scheme (WPA), designed to replace the
>discredited WEP encryption for 802.11b wireless networks, is a major
>and welcome improvement. H
From: "Trei, Peter" <[EMAIL PROTECTED]>
[Moderator's note: FYI: no "pragma" is needed. This is what C's
"volatile" keyword is for. Unfortunately, not everyone writing in C
knows the language. --Perry]
Thanks for the reminder about "volatile." It is an ancient and valuable
feature of C and I
From: "Trei, Peter" <[EMAIL PROTECTED]>
[Moderator's note: FYI: no "pragma" is needed. This is what C's
"volatile" keyword is for. Unfortunately, not everyone writing in C
knows the language. --Perry]
Thanks for the reminder about "volatile." It is an ancient and valuable
feature of C and I
Title: Dünya
Dünya'nın İlk Astroloji
ve Gizli İlimler Portalı
www.astromerkez.com
Astromerkez'den
görülmemiş hizmet. Kişiye özel günlük astroloji yorumu, hemde hiçbiryerde
göremeyeceğininiz detaylarıyla... Astromerkez'in ziyaretçilerine ücretsiz
At 6:38 AM -0500 11/4/02, Jonathan S. Shapiro wrote:
Requirements, on the other hand, is a tough problem. David Chizmadia and
I started pulling together a draft higher-assurance OS protection
profile for a class we taught at Hopkins. It was drafted in tremendous
haste, and we focused selectively
The new Wi-Fi Protected Access scheme (WPA), designed to replace the
discredited WEP encryption for 802.11b wireless networks, is a major
and welcome improvement. However it seems to have a significant
vulnerability to denial of service attacks. This vulnerability
results from the proposed rem
>Reading the Wifi report, it seems their customers stampeded them and
>demanded that the security hole be fixed, fixed a damned lot sooner
>than they intended to fix it.
Which is sort of a shame, in a way. 802.11b has no pretense of media
layer security. I've been thinking of that as an opportunit
very interesting.
http://www.eetimes.com/story/OEG20021107S0031
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Hello Jason:
>"Page 193 and 210 do talk about having an identifying
>value encoded in the credentials which the holder can
>prove is or isn't the same as in other credentials. However,
>the discussion on page 193 is with respect to building
>digital pseudonyms"
No, not at all. The paragraph o
> At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
> >Regardless of whether one uses "volatile" or a pragma, the basic point
> >remains: cryptographic application writers have to be aware of what a
> >clever compiler can do, so that they know to take countermeasures.
>
> Wouldn't a crypto c
At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
>Regardless of whether one uses "volatile" or a pragma, the basic point
>remains: cryptographic application writers have to be aware of what a
>clever compiler can do, so that they know to take countermeasures.
Wouldn't a crypto coder be usin
> James A. Donald[SMTP:[EMAIL PROTECTED]] wrote:
>
>
> Reading the Wifi report,
> http://www.weca.net/OpenSection/pdf/Wi-
> Fi_Protected_Access_Overview.pdf
> it seems their customers stampeded them and demanded that the
> security hole be fixed, fixed a damned lot sooner than they
> intended to
In message <[EMAIL PROTECTED]>, Peter Gutmann writes
:
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile"
>> keyword is for.
>
>No it isn't. This was done to death on vuln-dev, see the list archives for
>the discussion.
>
>[Moderator's note: I'd be curious to hear a summ
David Wagner said:
> It's not clear to me if WPA products come with encryption turned on by
> default. This is probably the #1 biggest source of vulnerabilities in
> practice, far bigger than the weaknesses of WEP.
Maybe this is the case in the USA but from my own informal surveys in
Helsinki and
--
Reading the Wifi report,
http://www.weca.net/OpenSection/pdf/Wi-
Fi_Protected_Access_Overview.pdf
it seems their customers stampeded them and demanded that the
security hole be fixed, fixed a damned lot sooner than they
intended to fix it.
I am struck the contrast between the seemingly str
Well, you see some of the people working on improving 802.11 security,
in particular some members of 802.11 Task Group i noted that IEEE
procedures have no interoperability demonstration requirements. So they
formed a little group that took a subset of the then current 802.11i
draft and tried to im
Probably moving out of the domain of the crypto list.
> volatile char *foo;
volatile, like const, is a storage-class modifier. As written, it
means a pointer to memory that is volatile; this means, in particular,
that you can't optimize away dereferences. If you wrote
char * volat
21 matches
Mail list logo