Re: Did you *really* zeroize that key?
In message <200211070207.PAA88426@ruru.cs.auckland.ac.nz>, Peter Gutmann writes :
[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile" keyword is for.
No it isn't. This was done to death on vuln-dev, see the list archives for the discussion.
[Moderator's note: I'd be curious to hear a summary -- it appears to work fine on the compilers I've tested. --Perry]
Regardless of whether one uses "volatile" or a pragma, the basic point remains: cryptographic application writers have to be aware of what a clever compiler can do, so that they know to take countermeasures.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
Regardless of whether one uses "volatile" or a pragma, the basic point remains: cryptographic application writers have to be aware of what a clever compiler can do, so that they know to take countermeasures.
Wouldn't a crypto coder be using paranoid-programming skills, like *checking* that the memory is actually zeroed? (I.e., read it back.) I suppose that caching could still deceive you though?
I've read about some Olde Time programmers who, given flaky hardware (or maybe software), would do this in non-crypto but very important apps.
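An added example, not part of the original thread: a C sketch of the two countermeasures discussed above, wiping through a volatile-qualified pointer and reading the buffer back. The function names and the 32-byte constructed key are assumptions; the C standard's guarantee strictly covers objects declared volatile, so this is the commonly used idiom rather than a guarantee on every compiler, and it does nothing about copies left in registers, caches or swap.

```c
#include <stddef.h>
#include <string.h>

/* Store zeros through a volatile-qualified lvalue so each byte write is
 * treated as an observable access rather than a removable dead store. */
static void zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Read-back check. The loads are volatile too: with plain loads the
 * compiler may forward the zeros it just stored, fold the check to
 * "true", and then still drop the stores as dead. */
static int is_zeroized(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    unsigned char acc = 0;
    while (len--)
        acc |= *p++;
    return acc == 0;
}

/* Hypothetical caller: the key lives in a local buffer that is never
 * used again after the wipe, which is the case where a plain memset()
 * is a candidate for dead-store elimination.
 * Returns 1 if the wipe was verified, 0 otherwise. */
int use_and_wipe_key(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);  /* constructed stand-in for a real key */
    /* ... use key ... */
    zeroize(key, sizeof key);
    return is_zeroized(key, sizeof key);
}

int main(void)
{
    return use_and_wipe_key() ? 0 : 1;
}
```

Inspecting the generated assembly at the optimization level actually shipped is the way to confirm that the stores survived.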