Did you *really* zeroize that key?

[David Honig]

At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
>Regardless of whether one uses "volatile" or a pragma, the basic point 
>remains:  cryptographic application writers have to be aware of what a 
>clever compiler can do, so that they know to take countermeasures.

Wouldn't a crypto coder be using paranoid-programming 
skills, like *checking* that the memory is actually zeroed? 
(Ie, read it back..)  I suppose that caching could still
deceive you though?

I've read about some Olde Time programmers
who, given flaky hardware (or maybe software), 
would do this in non-crypto but very important apps. 









---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com