Passwords can sit on disk for years

Perry E. Metzger perry at piermont.com
Mon Jun 14 16:30:08 EDT 2004


jdean at lsuhsc.edu writes:
> What?  No compiler is smart enough to say, "The program
> sets these variables but they are never referenced again.
> I'll save time and not set them."

That's actually not true. Many compilers are smart enough to do that,
and in fact do that sort of thing. That's what data flow analysis is
for.

The reason that C has a "volatile" keyword is to inform compilers that
there are side effects that are not visible from the code alone in the
use of particular variables. That's useful when you don't want sets of
registers in hardware optimized away, but it is also of substantial
use in preventing the removal via optimization of password zeroing
routines.

By the way, although C is often too convoluted because of pointer
arithmetic for compilers to do good optimizations, many high level
languages are not -- you should certainly never assume that operations
will not be reordered or removed by an optimizing compiler if you know
what is good for you.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
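
The password-zeroing case from the message above, as an added example that is not part of the original post: the same routine once with a plain memset that data flow analysis may drop as a dead store, and once with stores made through a volatile-qualified pointer. The function names, PW_MAX and the FNV-1a hash (a stand-in for real password processing) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define PW_MAX 64   /* constructed buffer size for this example */

/* Copy pw into buf and return an FNV-1a tag (stand-in for real processing). */
static uint32_t load_and_hash(unsigned char *buf, const char *pw)
{
    size_t n = strlen(pw);
    uint32_t h = 2166136261u;
    if (n > PW_MAX) n = PW_MAX;
    memcpy(buf, pw, n);
    for (size_t i = 0; i < n; i++) { h ^= buf[i]; h *= 16777619u; }
    return h;
}

/* Zero a buffer through a volatile-qualified pointer: each store is a
   volatile access, so the optimizer does not discard it as dead. */
void wipe_volatile(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Before: buf is never read after the memset, so the call is a dead store. */
uint32_t tag_naive(const char *pw)
{
    unsigned char buf[PW_MAX];
    uint32_t tag = load_and_hash(buf, pw);
    memset(buf, 0, sizeof buf);          /* may be optimized away */
    return tag;
}

/* After: same logic, but the clearing stores go through volatile. */
uint32_t tag_wiped(const char *pw)
{
    unsigned char buf[PW_MAX];
    uint32_t tag = load_and_hash(buf, pw);
    wipe_volatile(buf, sizeof buf);      /* stores are kept */
    return tag;
}

/* Self-check: returns 1 if wipe_volatile cleared a filled buffer. */
int wipe_clears_buffer(void)
{
    unsigned char b[PW_MAX], acc = 0;
    memset(b, 0xAA, sizeof b);
    wipe_volatile(b, sizeof b);
    for (size_t i = 0; i < sizeof b; i++) acc |= b[i];
    return acc == 0;
}
```

Compiling with optimization and reading the generated assembly for tag_naive and tag_wiped (for example with gcc -O2 -S) shows whether the clearing stores survived in each.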


