Did you *really* zeroize that key?

Patrick Chkoreff patrick at loom.cc
Fri Nov 8 15:19:39 PST 2002


>From: "James A. Donald" <jamesd at echeque.com>
>...
>If the optimizer ever optimizes away a write to volatile
>memory, device drivers will fail.  Most device drivers are
>written in C.  If anyone ever produces a C compiler in which
>"volatile" does not do what we want, not only are they out of
>spec, but smoke will start coming out of hardware when the
>device drivers are recompiled.

Good point #1.  Excellent point, in fact.


>From: "Dave Howe" <DaveHowe at gmx.co.uk>
>...
>Yup, granted.
>however, saying after a security breach "this wasn't my fault, the compiler
>was out of spec" isn't going to help much.
>in the real world, murphys law applies more often than anyone elses; you can
>virtually guarantee you will meet up *sometime* with an out of spec compiler
>...

Good point #2.  Excellent point, in fact.

So, given 1 and 2, it sounds like a good strategy might be:

a.  Declare your sensitive variables volatile and zero them normally.
b.  Check the assembler output because you have to do that anyway  :-)
c.  If (b) exposes an out-of-spec compiler, report it far and wide to all 
available e-mail lists.  Then preferably use a different compiler.  If 
that's not an option, try the va_list trick and go to (b).

-- Patrick
http://fexl.com





More information about the cypherpunks-legacy mailing list