[Cryptography] Heartbleed and fundamental crypto programming practices
Vilem Kebrt
vilem.kebrt at gmail.com
Fri Apr 18 02:46:50 EDT 2014
On 04/16/2014 08:10 AM, Dave Horsfall wrote:
> On Tue, 15 Apr 2014, danimoth wrote:
>
>> If I understood correctly, all crypto software should be compiled with
>> -O0 flag...
> I've never trusted optimisers; in essence you are asking an unknown party
> to rewrite your critical code for you with no oversight, and hopefully get
> it right.
>
> -- Dave, bitten by many an optimiser
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
Hello everybody.
Good point,i have to ask myself (i'm new in this and i', no programator,
so please don't kill me :) ), shouldn't be so important piece of
software, as openssl really is nowadays, statically compiled/linked
without optimizing ? (let's say as condition to "securely" use it) ?
Or is there a posibility to avoid optimization in code ? (for example
some type of macro, which will tell compiler - > DONT OPTIMIZE THIS CODE) ?
I know that you can redefine compile conditions on every piece of your
compilation, but shouldn't be something so important released in
compiled version?
Of course the source code would be on other link...
Maybe i'm naive...
With regards...
Vilem
More information about the cryptography
mailing list