[12018] in cryptography@c2.net mail archive
Re: Did you *really* zeroize that key?
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Nov 8 00:44:11 2002
Date: Fri, 8 Nov 2002 17:40:02 +1300 (NZDT)
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: dahonig@cox.net, pgut001@cs.auckland.ac.nz, smb@research.att.com
Cc: cryptography@wasabisystems.com, cypherpunks@lne.com,
ptrei@rsasecurity.com
David Honig <dahonig@cox.net> writes:
>Wouldn't a crypto coder be using paranoid-programming skills, like
>*checking* that the memory is actually zeroed? (Ie, read it back..)
>I suppose that caching could still deceive you though?
You can't, in general, assume the compiler won't optimise this away
(it's just been zeroised, there's no need to check for zero). You
could make it volatile *and* do the check, which should be safe from
being optimised.
It's worth reading the full thread on vuln-dev, which starts at
http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0.
This discusses lots of fool-the-compiler tricks, along with rebuttals
on why they could fail.
Peter.
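The volatile-write-plus-volatile-read-back approach Gutmann describes, as an added example in C that is not part of the thread; the function names `secure_zero`, `verify_zeroed` and `wipe_demo` and the 32-byte sample key are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Zeroise through a volatile pointer: the compiler must emit every store,
 * so dead-store elimination cannot drop the wipe the way it may drop a
 * plain memset() whose buffer is never read again. */
void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* The read-back check from the thread, also done through volatile so the
 * compiler cannot reason "just zeroed, therefore zero" and fold it to true.
 * Returns 1 if every byte is zero, 0 otherwise. */
int verify_zeroed(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= p[i];   /* OR-accumulate: no early exit, no branch on the data */
    }
    return acc == 0;
}

/* Demonstration (assumed helper, not from the thread): fill a stack buffer
 * with a constructed 32-byte "key", wipe it, and report whether the check
 * saw key material before the wipe and only zeros after it. */
int wipe_demo(void)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed sample key bytes */
    }
    int before = verify_zeroed(key, sizeof key);   /* 0: key still present */
    secure_zero(key, sizeof key);
    int after = verify_zeroed(key, sizeof key);    /* 1: wiped */
    return (before == 0) && (after == 1);
}
```

Where available, C11's `memset_s` or the BSD/glibc `explicit_bzero` give the same not-optimised-away guarantee; none of these clear copies the compiler may have spilled into registers or other stack slots, which is the residual risk the vuln-dev thread goes into.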
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com