[Cryptography] Making sure memory erasure is not optimized away
John Levine
johnl at iecc.com
Sat Aug 27 15:54:09 EDT 2022
It appears that Phillip Hallam-Baker <phill at hallambaker.com> said:
>So the question is how to ensure this does not happen by implementing
>disposal mechanisms THAT DO NOT GET OPTIMIZED AWAY. ...

I don't see how you're going to do any better than using qualifiers
like "volatile" in C and C#.

In nearly every case, optimizing away dead stores is a safe
optimization that can speed up programs a lot. So they invented
volatile to describe the rare cases where you know something else might
be looking at the memory you're writing or reading.

Rather than saying "use language X" I think I'm saying the opposite,
don't use a language where you can't say what you mean. I know there
are volatile qualifiers in C, C++, C#, Fortran, Ada, and Java, so you
have some options.

R's,
John

PS: Every operating system I know zeros storage before adding it to
a process, so I'm kind of wondering what the threat model is here.
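
Added example, not part of the message above: a C sketch of the dead-store case under discussion, with a plain memset on a dying local next to an erase done through a volatile-qualified pointer. All function names and the sample key are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample secret (bytes 1..16), not real key material. */
static const unsigned char SAMPLE_KEY[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};

/* Stores through a volatile-qualified lvalue: compilers treat each store as
   an observable access and keep it even though buf is never read again. */
void wipe_volatile(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* "Before": tmp is dead after the loop, so an optimizer may delete the
   memset as a dead store and leave the key bytes on the stack. */
unsigned sum_key_naive(const unsigned char *key, size_t len) {
    unsigned char tmp[32];
    unsigned sum = 0;
    if (len > sizeof tmp) len = sizeof tmp;
    memcpy(tmp, key, len);
    for (size_t i = 0; i < len; i++) sum += tmp[i];
    memset(tmp, 0, sizeof tmp);
    return sum;
}

/* "After": same work, but the erase goes through wipe_volatile. */
unsigned sum_key_wiped(const unsigned char *key, size_t len) {
    unsigned char tmp[32];
    unsigned sum = 0;
    if (len > sizeof tmp) len = sizeof tmp;
    memcpy(tmp, key, len);
    for (size_t i = 0; i < len; i++) sum += tmp[i];
    wipe_volatile(tmp, sizeof tmp);
    return sum;
}

/* Fill a buffer with 0xAA, wipe it, return 1 if every byte is now zero. */
int wipe_leaves_zero(void) {
    unsigned char buf[64];
    memset(buf, 0xAA, sizeof buf);
    wipe_volatile(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++) if (buf[i]) return 0;
    return 1;
}

int main(void) { return wipe_leaves_zero() ? 0 : 1; }
```

Both sum functions return the same value, so the difference only shows in the generated code: build with optimization enabled and compare the assembly of the two to see whether the memset survived.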