[Cryptography] Making sure memory erasure is not optimized away

iang iang at iang.org
Sat Aug 27 05:18:45 EDT 2022


On 25/08/2022 21:24, Phillip Hallam-Baker wrote:
> ...
> So the question is how to ensure this does not happen by implementing 
> disposal mechanisms THAT DO NOT GET OPTIMIZED AWAY.
>
> See here is the thing. I can check my code and check my code but I can 
> only check the current version of the compiler/optimizer. And some of 
> the things I know the C# optimizer is now doing are pretty hard core. 
> Yes, when generating assemblies, it can optimize across assembly 
> boundaries now.
>
> I am pretty sure most other high level languages suffer from the same 
> thing unless there is a mechanism to explicitly state 'do not 
> optimize'. ...

Concur.

> Has anyone got pointers to ways to make sure this is done right?


What I have done is taken a random feed and x-or'd it over the sensitive 
area, then digest that area and print out some few digits of the digest 
into logs.

It's not perfect, as the optimiser could just run the whole calculation 
through registers, leaving the sensitive area untouched.  But at least a 
calculation is done, and the result preserved at that point due to 
writing in the log, so that part is hard to optimise away.

I think!

iang
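
The approach described in the message above, as an added C example; it is not iang's code or code from the list. It assumes a POSIX system with `/dev/urandom`, the names `random_feed`, `digest32` and `scrub_and_tag` are hypothetical, FNV-1a stands in for a real digest, and the volatile-qualified accesses are an addition aimed at the "through registers" caveat the message raises.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Read n bytes of the random feed; read(2) avoids a stdio-buffered copy. */
static int random_feed(unsigned char *buf, size_t n) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0) break;
        got += (size_t)r;
    }
    close(fd);
    return got == n ? 0 : -1;
}

/* FNV-1a: a non-cryptographic stand-in for the digest (assumption). */
uint32_t digest32(const volatile unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* XOR the feed over secret, digest the result, log a few digits.
 * Returns 0 on success, -1 if the random feed could not be read. */
int scrub_and_tag(void *secret, size_t n, FILE *log, uint32_t *tag_out) {
    /* Volatile-qualified access: compilers emit each load and store. */
    volatile unsigned char *p = secret;
    unsigned char pad[64];
    volatile unsigned char *vpad = pad;
    int rc = 0;
    for (size_t off = 0; off < n && rc == 0; off += sizeof pad) {
        size_t chunk = n - off < sizeof pad ? n - off : sizeof pad;
        rc = random_feed(pad, chunk);
        for (size_t i = 0; rc == 0 && i < chunk; i++) p[off + i] ^= pad[i];
    }
    /* The pad would undo the XOR, so it must not be left on the stack. */
    for (size_t i = 0; i < sizeof pad; i++) vpad[i] = 0;
    if (rc != 0) return -1;
    uint32_t tag = digest32(p, n);
    fprintf(log, "scrub tag %04x\n", (unsigned)(tag & 0xffffu));
    if (tag_out) *tag_out = tag;
    return 0;
}
```

Because the pad is random and wiped, the logged digits are a digest of random data and carry no information about the original secret.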