Did you *really* zeroize that key?

Patrick Chkoreff patrick at loom.cc
Thu Nov 7 19:54:57 EST 2002


>>From: "Trei, Peter" <ptrei at rsasecurity.com>
>>
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's
>>"volatile" keyword is for. Unfortunately, not everyone writing in C
>>knows the language. --Perry]
>
>Thanks for the reminder about "volatile."  It is an ancient and valuable 
>feature of C and I suppose it's implemented correctly under gcc and some 
>of the Windoze compilers even with high optimization options like -O2.

Oops, I missed your real point, which is that "volatile" ought to suffice 
as a compiler guide and there is no need for an additional pragma.  By 
declaring a variable as volatile, the compiler would also leave untouched 
any code which refers to that variable.

Too bad that volatile is not guaranteed to work in all major ANSI-compliant 
compilers.  Oh well.  I wonder how gcc does with it?

[Moderator's note: I've quoted chapter and verse -- if it follows the
current standards, it is required to honor "volatile". It isn't
compliant by definition if it does not. gcc does indeed honor
"volatile", as do almost all other C compilers I have access to. --Perry]

I guess we should stick with either the recursive routine trick or the 
var-arg trick.

-- Patrick
http://fexl.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list