[12007] in cryptography@c2.net mail archive
Re: Did you *really* zeroize that key?
daemon@ATHENA.MIT.EDU (Matt Blaze)
Thu Nov 7 14:40:38 2002
To: David Honig <dahonig@cox.net>
Cc: "Steven M. Bellovin" <smb@research.att.com>,
pgut001@cs.auckland.ac.nz (Peter Gutmann),
cryptography@wasabisystems.com, cypherpunks@lne.com,
ptrei@rsasecurity.com
In-Reply-To: Message from David Honig <dahonig@cox.net>
of "Thu, 07 Nov 2002 10:13:52 PST." <3.0.5.32.20021107101352.0083fa60@pop.west.cox.net>
Date: Thu, 07 Nov 2002 13:50:43 -0500
From: Matt Blaze <mab@research.att.com>
> At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
> >Regardless of whether one uses "volatile" or a pragma, the basic point
> >remains: cryptographic application writers have to be aware of what a
> >clever compiler can do, so that they know to take countermeasures.
>
> Wouldn't a crypto coder be using paranoid-programming
> skills, like *checking* that the memory is actually zeroed?
> (I.e., read it back.) I suppose that caching could still
> deceive you though?
And, of course, the very act of putting in the check could cause a compiler
to not optimize out the zeroize code. (Writing a proper test program for
such behavior is very difficult).
Like most programming language discussions, it's hard to tell whether the
arguments support writing critical code in languages that abstract at a
higher level or a lower level.
> I've read about some Olde Time programmers
> who, given flaky hardware (or maybe software),
> would do this in non-crypto but very important apps.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
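The behaviour the thread is arguing about, as an added example that is not part of Matt Blaze's message or any code from the list: a naive `memset` wipe of a stack buffer that is never read again (a dead store the optimiser may drop), next to two wipes that survive optimisation (stores through a `volatile` pointer, and `memset` followed by a GCC/Clang `asm volatile` memory barrier), plus the read-back check David Honig asked about. `KEY_LEN`, the 0xA5 key pattern and the helper names are assumptions made for this example; the dedicated library calls named in the comments (`explicit_bzero` on glibc and OpenBSD, `memset_s` from C11 Annex K) exist but are not used here so the file builds with a plain C99 compiler.

```c
/* zeroize.c - added example, not from the original thread.
 * Build: cc -O2 -std=c99 -Wall zeroize.c && ./a.out
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32   /* assumed key size for the sample */

/* Naive wipe: a plain memset on memory that is never read again is a
 * dead store, and at -O2 GCC/Clang are allowed to drop it entirely. */
static void naive_zeroize(void *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Hardened wipe #1: stores through a volatile-qualified pointer.  The
 * compiler must perform every volatile access, so the zeroing survives
 * even when nothing reads the buffer afterwards. */
static void secure_zeroize(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Hardened wipe #2: ordinary memset followed by an empty asm statement
 * that claims to read the buffer and clobber memory, so the memset can
 * no longer be proven dead.  GCC/Clang extension; on other compilers it
 * degrades to a plain memset.  Where a dedicated call is available
 * (explicit_bzero on glibc/OpenBSD, memset_s from C11 Annex K) it should
 * be preferred over hand-rolled variants. */
static void barrier_zeroize(void *buf, size_t len)
{
    memset(buf, 0, len);
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

/* Read-back check: OR every byte together and compare once, so the loop
 * itself never branches on the (formerly secret) contents. */
static int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Fills a stack buffer with a constructed (non-secret) key pattern,
 * "uses" it for a trivial computation, wipes it with the supplied routine
 * and returns the read-back result (1 = every byte is zero). */
static int zeroize_and_verify(void (*wipe)(void *, size_t))
{
    unsigned char key[KEY_LEN];
    unsigned char tag = 0;

    for (size_t i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed sample key */
    for (size_t i = 0; i < KEY_LEN; i++)
        tag ^= key[i];                         /* stand-in for key use */
    (void)tag;

    wipe(key, KEY_LEN);

    /* The read-back is itself a use of the buffer, so the compiler must
     * keep some zeroing (or fold the whole check to "true").  That is
     * Blaze's point: adding the check changes what the optimiser may
     * remove, so a test program like this one cannot prove that
     * naive_zeroize is safe in code that lacks the check. */
    return is_all_zero(key, KEY_LEN);
}

int main(void)
{
    printf("naive   : %d\n", zeroize_and_verify(naive_zeroize));
    printf("volatile: %d\n", zeroize_and_verify(secure_zeroize));
    printf("barrier : %d\n", zeroize_and_verify(barrier_zeroize));
    return 0;
}
```

All three variants report 1 here, which is exactly the trap the message describes: the read-back makes the store live, so the program cannot distinguish the wipe that would have been optimised away from the ones that would not. To see the difference, compile the three wipe functions at -O2 and inspect the generated assembly (for instance with `cc -O2 -S`), where `naive_zeroize` called on a dying local typically has no store at all while the other two keep theirs.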