[15614] in cryptography@c2.net mail archive
Re: Passwords can sit on disk for years
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Jun 14 16:40:56 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: jdean@lsuhsc.edu
Cc: <cryptography@metzdowd.com>, <ben@algroup.co.uk>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 14 Jun 2004 16:30:08 -0400
In-Reply-To: <EXCHMX2YixMwInhdAHx00001b7e@relay.lsuhsc.edu> (jdean@lsuhsc.edu's
message of "14 Jun 04 11:31:23 +0")
jdean@lsuhsc.edu writes:
> What? No compiler is smart enough to say, "The program
> sets these variables but they are never referenced again.
> I'll save time and not set them."
That's actually not true. Many compilers are smart enough to do that,
and in fact do that sort of thing. That's what data flow analysis is
for.
The reason that C has a "volatile" keyword is to inform compilers that
there are side effects that are not visible from the code alone in the
use of particular variables. That's useful when you don't want sets of
registers in hardware optimized away, but it is also of substantial
use in preventing the removal via optimization of password zeroing
routines.
By the way, although C is often too convoluted because of pointer
arithmetic for compilers to do good optimizations, many high level
languages are not -- you should certainly never assume that operations
will not be reordered or removed by an optimizing compiler if you know
what is good for you.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
