SecurityFocus

Software leaves encryption keys, passwords lying around in memory Oct 30 2002 04:11PM
pgut001 cs auckland ac nz (Peter Gutmann) (3 replies)

Re: Software leaves encryption keys, passwords lying around inmemory Oct 31 2002 04:56PM
Frank Knobbe (fknobbe knobbeits com)

Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 06:00PM
Dan Kaminsky (dan doxpara com) (1 replies)

RE: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 07:39PM
Dom De Vitto (dom DeVitto com) (1 replies)

Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 09:22PM
Dan Kaminsky (dan doxpara com) (1 replies)

Re: Software leaves encryption keys, passwords lying around in memory Oct 31 2002 01:46AM
Pavel Kankovsky (peak argo troja mff cuni cz)

On Wed, 30 Oct 2002, Dan Kaminsky wrote:

> Yes, but here you *hope* the compiler has the same semantics for
> "volatile" that you do. [...]

A compiler eliminating accesses (both read and write) to volatile
variables is a broken compiler.

I am not sure about older standards but C99 says you cannot optimize out
accesses to volatile objects. You need to read several distinct parts of
it and put them together but it is there: see 5.1.2.3 (par. 2, 5) and
6.7.3 (par 6 and its accompanying footnote 114).

--Pavel Kankovsky aka Peak
"Welcome to the Czech Republic. Bring your own lifeboats."

[ reply ]

Re: Software leaves encryption keys, passwords lying around in memory Oct 30 2002 05:14PM
Syzop (syz dds nl)