[Cryptography] Ada vs Rust vs safer C
Florian Weimer
fw at deneb.enyo.de
Sun Sep 18 03:53:59 EDT 2016
* Ron Garret:
> On Sep 17, 2016, at 10:41 AM, Watson Ladd <watsonbladd at gmail.com> wrote:
>
>> > 2. Treating all lvalues as if they were volatile (i.e. not even
>> > trying to optimize anything, just a completely straightforward
>> > translation of C into assembly) would likewise be a huge win.
>>
>> Has this lead to security bugs? No. Forget the nonsense of secure
>> erasure and realize operating systems clear memory between users and
>> programs.
>
> This has nothing to do with secure erasure, this has to do with
> avoiding side-channel timing attacks introduced by the compiler
> eliding what it thinks is dead code.
It is unclear if these timing attacks are really feasible.
In the end, this comes back to knowing which things really matter and
what actual attacks out there look like.
More information about the cryptography
mailing list