Did you *really* zeroize that key?
Matt Blaze
mab at research.att.com
Thu Nov 7 10:50:43 PST 2002
> At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
> >Regardless of whether one uses "volatile" or a pragma, the basic point
> >remains: cryptographic application writers have to be aware of what a
> >clever compiler can do, so that they know to take countermeasures.
>
> Wouldn't a crypto coder be using paranoid-programming
> skills, like *checking* that the memory is actually zeroed?
> (Ie, read it back..) I suppose that caching could still
> deceive you though?'
And, of course, the very act of putting in the check could cause a compiler
to not optimize out the zeroize code. (Writing a proper test program for
such behavior is very difficult).
Like most programming language discussions, it's hard to tell whether the
arguments support writing critical code languages that abstract at a
higher level or a lower level.
>
> I've read about some Olde Time programmers
> who, given flaky hardware (or maybe software),
> would do this in non-crypto but very important apps.
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the Testlist
mailing list