[12004] in cryptography@c2.net mail archive


Re: Did you *really* zeroize that key?

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Nov 7 13:39:32 2002

From: "Steven M. Bellovin" <smb@research.att.com>
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: cryptography@wasabisystems.com, cypherpunks@lne.com,
	ptrei@rsasecurity.com
Date: Thu, 07 Nov 2002 15:55:26 +0100

In message <200211070207.PAA88426@ruru.cs.auckland.ac.nz>, Peter Gutmann writes:
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile"
>> keyword is for. 
>
>No it isn't.  This was done to death on vuln-dev, see the list archives for
>the discussion.
>
>[Moderator's note: I'd be curious to hear a summary -- it appears to
>work fine on the compilers I've tested. --Perry]
>
Regardless of whether one uses "volatile" or a pragma, the basic point 
remains:  cryptographic application writers have to be aware of what a 
clever compiler can do, so that they know to take countermeasures.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)
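
An added illustration of the compiler behaviour this thread is about (not part of the original message or of anyone's code in the thread): a key buffer cleared with a plain `memset` that an optimizer is allowed to drop, next to one commonly used countermeasure. The function names and the toy key schedule are hypothetical, and the example assumes the compiler treats stores through a volatile-qualified lvalue as side effects it must keep.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy "key schedule": fills key[32] from in[] and returns a tag. */
static int fill_key(unsigned char key[32], const unsigned char *in, size_t n)
{
    int tag = 0;
    for (size_t i = 0; i < 32; i++) {
        key[i] = (unsigned char)(in[i % n] ^ 0x5c);
        tag += key[i];
    }
    return tag;
}

/* Naive: key is never read after the memset, so the store is "dead" and an
 * optimizing compiler may delete it, leaving the key bytes on the stack. */
int derive_naive(const unsigned char *in, size_t n)
{
    unsigned char key[32];
    if (n == 0) return -1;
    int tag = fill_key(key, in, n);
    memset(key, 0, sizeof key);          /* candidate for elimination */
    return tag;
}

/* Countermeasure (assumption stated above): every store goes through a
 * volatile-qualified pointer, so it counts as an observable side effect.
 * Where available, memset_s (C11 Annex K) or explicit_bzero do the same job. */
void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

int derive_wiped(const unsigned char *in, size_t n)
{
    unsigned char key[32];
    if (n == 0) return -1;
    int tag = fill_key(key, in, n);
    wipe(key, sizeof key);               /* must not be optimized away */
    return tag;
}

int main(void)
{
    const unsigned char in[] = { 1, 2, 3 };   /* constructed sample input */
    printf("%d %d\n", derive_naive(in, sizeof in), derive_wiped(in, sizeof in));
    return 0;
}
```

Both functions return the same tag; the difference only shows in the generated code, so compare the optimized assembly (for example with `-O2 -S`) to see whether the `memset` in `derive_naive` survived.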



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
