Did you *really* zeroize that key?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Nov 7 20:40:02 PST 2002

David Honig <dahonig at cox.net> writes:

>Wouldn't a crypto coder be using paranoid-programming skills, like
>*checking* that the memory is actually zeroed? (Ie, read it back..)
>I suppose that caching could still deceive you though?

You can't, in general, assume the compiler won't optimise this away
(it's just been zeroised, there's no need to check for zero). You
could make it volatile *and* do the check, which should be safe from
being optimised.

It's worth reading the full thread on vuln-dev, which starts at
http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0.
This discusses lots of fool-the-compiler tricks, along with rebuttals
on why they could fail.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
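
The volatile write plus read-back suggested in the reply above, shown beside the plain memset-and-check pattern, as an added example that is not part of the original message or the vuln-dev thread. The function names and the constructed 0xA5 key bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Zero len bytes through a volatile-qualified pointer, then read them back
 * through the same pointer. Returns 0 if every byte reads as zero, else -1.
 * Both loops are volatile accesses, which is what is meant to keep the
 * compiler from discarding the stores or folding the check to "true". */
int zeroize_checked(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    unsigned char acc = 0;
    size_t i;

    if (buf == NULL)
        return len == 0 ? 0 : -1;
    for (i = 0; i < len; i++)
        p[i] = 0;
    for (i = 0; i < len; i++)
        acc |= p[i];            /* accumulate every byte, no early exit */
    return acc == 0 ? 0 : -1;
}

/* Naive pattern: key[] is never used after the memset, so an optimiser may
 * drop the memset as a dead store and reduce the read-back loop to a
 * constant. The function still reports success either way. */
int session_naive(void)
{
    unsigned char key[32];
    size_t i;

    memset(key, 0xA5, sizeof key);      /* constructed key material */
    memset(key, 0, sizeof key);
    for (i = 0; i < sizeof key; i++)
        if (key[i] != 0)
            return -1;
    return 0;
}

/* Same flow using the volatile write and volatile read-back. */
int session_checked(void)
{
    unsigned char key[32];

    memset(key, 0xA5, sizeof key);      /* constructed key material */
    return zeroize_checked(key, sizeof key);
}
```

The read-back goes through the same caches as the writes, so it does not settle the caching question raised in the quoted message.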