[Cryptography] Other obvious issues being ignored?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Oct 21 23:20:25 EDT 2015
Arnold Reinhold <agr at me.com> writes:
>The fact that the C standards ALLOW certain “optimizations” does not mean
>that compiler writers are REQUIRED to do the most evil things imaginable in
>certain situations
Exactly.  Currently, the gcc developers think, and will argue till they're
blue in the face, that this behaviour is OK. The MSVC developers don't.
>At least Apple’s new Swift language includes arithmetic operators that
>explicitly allow overflows, but I have found no info about zeroization in
>Swift.
Some compilers will make the same assumption. The thing with the C standard
is that it's written in a manner where it doesn't exclude things like ones-
complement machines. Now the last one I know of that did that was the CDC
6600 from 1965, but in theory you could be targeting a half-century-old
computer with your compiler and so the standard can't rule it out. Some
compilers, knowing that they're generating code for a twos-complement
architecture, behave accordingly. Other compilers also know that they're
generating code for a twos-complement architecture, but use the vague language
in the C standard to do, as you put it, "the most evil things imaginable".
Peter.
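
An added example, not part of the original message: the signed-overflow case discussed above, showing a check that depends on undefined behaviour beside two forms that stay well-defined whatever the compiler assumes. The function names are hypothetical, and wrapping_add assumes a twos-complement int with UINT_MAX == 2*INT_MAX + 1.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* UB-dependent check, kept for contrast. If a + b overflows the behaviour
 * is undefined, so a compiler may assume it never happens and rewrite the
 * test (for example to b < 0). Only called with small inputs here. */
static bool add_overflows_ub(int a, int b)
{
    return a + b < a;
}

/* Well-defined check: compare against the limits before adding, so the
 * addition is only evaluated when it cannot overflow. */
static bool checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Explicit wrapping add: unsigned arithmetic is defined modulo 2^N.
 * The result is mapped back to int without an out-of-range conversion. */
static int wrapping_add(int a, int b)
{
    unsigned int sum = (unsigned int)a + (unsigned int)b;
    if (sum <= (unsigned int)INT_MAX)
        return (int)sum;
    /* sum is in [2^(N-1), 2^N - 1]; shift it down into [INT_MIN, -1] */
    return (int)(sum - (unsigned int)INT_MIN) + INT_MIN;
}

int main(void)
{
    int r = 0;
    printf("ub check, 1 + 2:        %d\n", add_overflows_ub(1, 2));
    printf("checked INT_MAX + 1 ok: %d\n", checked_add(INT_MAX, 1, &r));
    printf("checked 2 + 3 ok:       %d\n", checked_add(2, 3, &r));
    printf("wrapping INT_MAX + 1:   %d\n", wrapping_add(INT_MAX, 1));
    return 0;
}
```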