At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:

...

Regardless of whether one uses "volatile" or a pragma, the basic point remains: cryptographic application writers have to be aware of what a clever compiler can do, so that they know to take countermeasures.

Wouldn't a crypto coder be using paranoid-programming skills, like *checking* that the memory is actually zeroed? (Ie, read it back..) I suppose that caching could still deceive you though?'

And, of course, the very act of putting in the check could cause a compiler to not optimize out the zeroize code. (Writing a proper test program for such behavior is very difficult). Like most programming language discussions, it's hard to tell whether the arguments support writing critical code languages that abstract at a higher level or a lower level.

I've read about some Olde Time programmers who, given flaky hardware (or maybe software), would do this in non-crypto but very important apps.

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com