[Cryptography] Secure erasure in C.

Christian Huitema huitema at huitema.net
Sat Sep 10 18:08:04 EDT 2016



On Friday, September 9, 2016 3:22 PM, Ray Dillinger wrote:
>
> But operating systems are written in C, so you can't get secure erasure
> in anything else unless you can get it in C.  And it looks like you
> can't get it in C unless you can get it in assembly language, and you
> can't get it in assembly language unless you can get it in silicon.

Most of the issue seems to be with optimizers. Un-optimized C is a basic imperative language, meaning the compiler is supposed to translate the code literally. Optimized C works on a different principle, i.e. translate the code into something that provides the same result as what the programmer meant, for some definition of "same result". The good news is that mainstream compilers support something like "#pragma optimize(off)", which allows turning off optimization for a specific code segment. Bracketing the erasure routine with such pragmas should ensure that it erases as intended, at least as far as C is concerned.

-- Christian Huitema
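An added C example, not part of Christian's post, that puts the three variants side by side: the plain memset an optimizer may drop as a dead store, the pragma-bracketed routine the post describes, and a portable volatile-store erasure. Function names, the buffer and the 16-byte key are constructed for the demo.

```c
#include <stddef.h>
#include <string.h>

/* Vulnerable form: when the buffer is never read after this call, the memset
 * is a dead store and an optimizing compiler may legally delete it. */
void naive_zero(void *p, size_t n) {
    memset(p, 0, n);
}

/* Post's approach: bracket the routine with compiler-specific pragmas that
 * switch optimization off. Clang ignores the GCC pragma, so this is not portable. */
#if defined(_MSC_VER)
#pragma optimize("", off)
#elif defined(__GNUC__) && !defined(__clang__)
#pragma GCC push_options
#pragma GCC optimize("O0")
#endif
void pragma_zero(void *p, size_t n) {
    unsigned char *b = (unsigned char *)p;
    for (size_t i = 0; i < n; i++) b[i] = 0;
}
#if defined(_MSC_VER)
#pragma optimize("", on)
#elif defined(__GNUC__) && !defined(__clang__)
#pragma GCC pop_options
#endif

/* Portable form: stores through a volatile pointer are observable side effects
 * the optimizer must keep at any -O level. Platform equivalents with the same
 * guarantee: explicit_bzero (glibc/BSD), SecureZeroMemory (Windows), memset_s. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Counts the bytes still non-zero, so a test can verify erasure really happened. */
size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (p[i] != 0);
    return count;
}

/* Constructed scenario: a 16-byte key lands in a stack buffer, is "used", and
 * must not survive the function. Returns the number of bytes left non-zero. */
int erase_demo(void) {
    unsigned char key[16];
    memcpy(key, "constructed-key!", 16);   /* constructed sample secret */
    secure_zero(key, sizeof key);
    return (int)count_nonzero(key, sizeof key);   /* 0 when erasure took effect */
}
```

Compiling naive_zero at -O2 and inspecting the generated assembly is the quickest way to see the dead-store elimination the post is worried about; the other two variants keep their stores.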

