Did you *really* zeroize that key?
Dave Howe
DaveHowe at gmx.co.uk
Thu Nov 7 15:46:19 PST 2002
Kevin Elliott wrote:
> The point is though, that according to C99 today
>
> volatile int myflag;
> myflag=0;
> if (myflag!=0) { do stuff } ;
>
> does _exactly_ what you want, per the spec. The only compilers that
> don't work this way are by definition out of spec, so adding new
> stuff isn't going to help.
Yup, granted.
however, saying after a security breach "this wasn't my fault, the compiler
was out of spec" isn't going to help much.
in the real world, murphys law applies more often than anyone elses; you can
virtually guarantee you will meet up *sometime* with an out of spec compiler
that assumes it knows at compile time if a volatile is actually volatile (in
the example above, such a compiler may treat a volatile as such *only* after
its pointer has been passed to an external subroutine or a fork... ok, that
is out of spec but in the real world would probably work without problems)
> Having said that, most of what your talking about pragma wise is
> boils down to controlling the optimizer.
I doubt that the pragma in question was actually meant to be taken seriously
as a suggestion - but was a bit of humour appended to a fairly serious
warning.
More information about the cypherpunks-legacy
mailing list