Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: "Carlos E. R." Newsgroups: comp.os.linux.misc Subject: Re: For those arguing over languages... Date: Wed, 11 Feb 2026 23:24:59 +0100 Lines: 37 Message-ID: References: <10mesjc$3gnr9$1@dont-email.me> <10mij0u$rimo$1@dont-email.me> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: individual.net c8DEfAf4sahuPjqFImhQPQ4/bnOp1AQLpp3g6uzefCbNgjulgv Cancel-Lock: sha1:0jQxSrCUQAuhjt+skMmqfc9CtlE= sha256:fRjMxqEWcCMCAiY8e1PVaYm3Odrzzq+mb/If/+6jibE= User-Agent: Mozilla Thunderbird Content-Language: en-CA, es-ANY In-Reply-To: <10mij0u$rimo$1@dont-email.me> Xref: csiph.com comp.os.linux.misc:81952 On 2026-02-11 19:50, Rich wrote: > c186282 wrote: >> On 2/10/26 04:09, The Natural Philosopher wrote: >>> ...more fuel on the fire... >>> >>> https://www.theregister.com/2026/02/09/compilers_undermine_encryption/ >>> >>> GCC erases code whose delays obfuscates encryption delays because it >>> doesn't do anything... >>> >> >> Very interesting ! How 'optimization' sometimes ISN'T. > > Nope. As Richard Kettlewell has pointed out, what the encryption code > writers want is "constant time execution, regardless of inputs" which > is not a promised output from gcc, no matter the optimization level > chosen. > > The compiler is "properly optimizing" given the meaning of > "optimization" it uses ("make code run as fast as possible" or "make > code as small as possible" -- with -Os). But the compiler was not > designed to create "constant time execution" code. The writers were > expecting a promise the compiler never promised. In the example posted: The user types in a password, which gets checked against a database, character by character. Once the first character doesn't match, an error message is returned. ...the fault is not of the compiler, but of the programmer. He has to examine all characters even if he knows there is no point. -- Cheers, Carlos E.R.