Marking a and b volatile would inhibit that optimization if it did exist, right?
Why would marking them volatile matter?
New conversation
AFAIU delay loops are insufficient against local adversaries
(where "local" includes "co-hosted")
New conversation
Are you talking about my explicit_bcmp() implementation in OpenBSD libc?
oh, heh. I was actually looking at some other timing-safe code, and didn't know/remember that OpenBSD has a timingsafe_bcmp() in its libc...
New conversation
Never mind compiler, there are no ISA/architecture guarantees that will remain constant time.
ARM actually posted something on this on their blog last year: https://web.archive.org/web/20171107164628/https://community.arm.com/processors/b/blog/posts/introducing-2017s-extensions-to-the-arm-architecture#dataindependenttiming … , section "Data Independent Timing". (that section is gone in the current version of that page though...)
New conversation
It isn't and I've been working with crypto folks to address this by adding constant time operations to the language, compiler, etc. Sadly, not as much progress as I'd like, but likely to move forward again when our work on Spectre starts to wind down.
Also, this isn't hypothetical, there are coding patterns that have to be avoided in these parts of crypto code because some layer (compiler, CPU...) "optimizes" it into variable time. Classic problem of not having the code be able to express the intent.