Vulnerability Development mailing list archives
Re: Software leaves encryption keys, passwords lying around in memory
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Thu, 31 Oct 2002 02:46:31 +0100 (CET)
On Wed, 30 Oct 2002, Dan Kaminsky wrote:
Yes, but here you *hope* the compiler has the same semantics for "volatile" that you do. [...]
A compiler eliminating accesses (both read and write) to volatile variables is a broken compiler. I am not sure about older standards but C99 says you cannot optimize out accesses to volatile objects. You need to read several distinct parts of it and put them together but it is there: see 5.1.2.3 (par. 2, 5) and 6.7.3 (par 6 and its accompanying footnote 114). --Pavel Kankovsky aka Peak "Welcome to the Czech Republic. Bring your own lifeboats."
Current thread:
- Software leaves encryption keys, passwords lying around in memory Peter Gutmann (Oct 30)
- Re: Software leaves encryption keys, passwords lying around in memory Syzop (Oct 30)
- Re: Software leaves encryption keys, passwords lying around in memory Dan Kaminsky (Oct 30)
- RE: Software leaves encryption keys, passwords lying around in memory Dom De Vitto (Oct 30)
- Re: Software leaves encryption keys, passwords lying around in memory Dan Kaminsky (Oct 30)
- Re: Software leaves encryption keys, passwords lying around in memory Pavel Kankovsky (Oct 31)
- RE: Software leaves encryption keys, passwords lying around in memory Dom De Vitto (Oct 30)
- Re: Software leaves encryption keys, passwords lying around in memory Frank Knobbe (Oct 31)
- <Possible follow-ups>
- Re: Software leaves encryption keys, passwords lying around in memory Peter Gutmann (Oct 31)