Did you *really* zeroize that key?

[Peter Gutmann]

David Honig <dahonig at cox.net> writes:

>Wouldn't a crypto coder be using paranoid-programming skills, like 
>*checking* that the memory is actually zeroed? (Ie, read it back..)
>I suppose that caching could still deceive you though?

You can't, in general, assume the compiler won't optimise this away
(it's just been zeroised, there's no need to check for zero).  You 
could make it volatile *and* do the check, which should be safe from 
being optimised.

It's worth reading the full thread on vuln-dev, which starts at
http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0.
This discusses lots of fool-the-compiler tricks, along with rebuttals
on why they could fail.

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com