Vulnerability Development mailing list archives

Re: Software leaves encryption keys, passwords lying around in memory


From: Frank Knobbe <fknobbe () knobbeits com>
Date: 31 Oct 2002 10:56:33 -0600

On Wed, 2002-10-30 at 10:11, Peter Gutmann wrote:
> When compiled with any level of optimisation using gcc, the key clearing call
> goes away because of dead code elimination (see the MSDN article for more
> details on this, which uses VC++ to get the same effect).  While you can
> kludge enough stuff around a custom memory-clear call to fool the optimiser
> (hacks with 'volatile', touching the memory after it's cleared and hoping the
> optimiser is fooled, etc etc) there's no guarantee that it'll work for
> anything but the compiler(s) you happen to test it with - any future
> enhancement to the optimiser may turn it back into a nop.  What it really
> needs is the addition of a #pragma dont_remove_this_code_you_bastard in the
> compiler.  Until then, a lot of security code will be affected by this
> problem.


The off-list discussion about band-aids was fun. Regarding the pragma,
it does exist for VC++.

#pragma optimize( "", off )

Turns off all optimization.

#pragma optimize( "", on )

Restores the optimization settings to the original values.

I haven't looked at gcc yet, but even if it had such a #pragma, there is
always the issue of developer education. But this is what your post was
about I believe...

Regards,
Frank
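The dead-store problem and the 'volatile' kludges the quoted message mentions, as an added C example that is not part of this thread: the naive memset beside two clearing routines that survive optimisation, plus a use_key function shaped like the real bug so the compiler's assembly output can be inspected. All function names are my own.

```c
#include <stddef.h>
#include <string.h>
#define KEY_LEN 32   /* size of the constructed sample secret */

/* Naive clear: nothing reads the buffer after this store, so an optimising
 * compiler may drop the memset entirely (dead store elimination). */
static void naive_clear(unsigned char *buf, size_t len) {
    memset(buf, 0, len);
}

/* Clear through a volatile pointer: each byte store is an observable side
 * effect that the optimiser is not allowed to remove. */
static void volatile_clear(unsigned char *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Call memset through a volatile function pointer: the compiler cannot know
 * at compile time which function will run, so it cannot elide the call. */
static void *(*volatile memset_fn)(void *, int, size_t) = memset;
static void fnptr_clear(unsigned char *buf, size_t len) {
    memset_fn(buf, 0, len);
}

/* Shape of the bug in the thread: a key in a local buffer is used and then
 * cleared, and nothing reads it afterwards. Build with `gcc -O2 -S` and
 * inspect use_key: the clearing code is what the optimiser may delete. */
static unsigned use_key(void (*clear)(unsigned char *, size_t)) {
    unsigned char key[KEY_LEN];
    unsigned checksum = 0;
    size_t i;
    for (i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(0xA5 ^ i);
    for (i = 0; i < KEY_LEN; i++) checksum = checksum * 31u + key[i];
    clear(key, KEY_LEN);   /* last use of key: candidate dead store */
    return checksum;
}

/* Functional check of a clearing routine: returns the count of non-zero
 * bytes left in a filled buffer after clearing (expected 0). Reading the
 * buffer back forces any clear to survive, so this only tests correctness,
 * not resistance to elision; that needs the disassembly check above. */
static size_t bytes_left(void (*clear)(unsigned char *, size_t)) {
    unsigned char buf[KEY_LEN];
    size_t i, left = 0;
    for (i = 0; i < KEY_LEN; i++) buf[i] = (unsigned char)(0xA5 ^ i);
    clear(buf, KEY_LEN);
    for (i = 0; i < KEY_LEN; i++) left += (buf[i] != 0);
    return left;
}
```

Newer toolchains also offer dedicated calls for this purpose (C11's optional memset_s, explicit_bzero on OpenBSD and glibc), which are preferable where available.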