Did you *really* zeroize that key?
Patrick Chkoreff
patrick at loom.cc
Thu Nov 7 19:54:57 EST 2002
>>From: "Trei, Peter" <ptrei at rsasecurity.com>
>>
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's
>>"volatile" keyword is for. Unfortunately, not everyone writing in C
>>knows the language. --Perry]
>
>Thanks for the reminder about "volatile." It is an ancient and valuable
>feature of C and I suppose it's implemented correctly under gcc and some
>of the Windoze compilers even with high optimization options like -O2.
Oops, I missed your real point, which is that "volatile" ought to suffice
as a compiler guide and there is no need for an additional pragma. By
declaring a variable as volatile, the compiler would also leave untouched
any code which refers to that variable.
Too bad that volatile is not guaranteed to work in all major ANSI-compliant
compilers. Oh well. I wonder how gcc does with it?
[Moderator's note: I've quoted chapter and verse -- if it follows the
current standards, it is required to honor "volatile". It isn't
compliant by definition if it does not. gcc does indeed honor
"volatile", as do almost all other C compilers I have access to. --Perry]
I guess we should stick with either the recursive routine trick or the
var-arg trick.
-- Patrick
http://fexl.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list