Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: "Carlos E. R." Newsgroups: comp.os.linux.misc Subject: Re: For those arguing over languages... Date: Thu, 12 Feb 2026 15:14:57 +0100 Lines: 47 Message-ID: References: <10mesjc$3gnr9$1@dont-email.me> <10mij0u$rimo$1@dont-email.me> <10mkhl0$1er09$2@dont-email.me> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Trace: individual.net FsN39Gd7FNeB959V8NpkRwBtOeSsVJCIOp9qHU0/S8Yzzlmdqu Cancel-Lock: sha1:XXFf5+ufiTnan7tX5oJ+7U8Sj4w= sha256:j85lShkKWvy6fsbUhQ2BgZMpqnNbnAbiHCQ+/kpy6pQ= User-Agent: Mozilla Thunderbird Content-Language: en-CA, es-ANY In-Reply-To: <10mkhl0$1er09$2@dont-email.me> Xref: csiph.com comp.os.linux.misc:81985 On 2026-02-12 13:38, The Natural Philosopher wrote: > On 11/02/2026 22:24, Carlos E. R. wrote: >> On 2026-02-11 19:50, Rich wrote: >>> c186282 wrote: >>>> On 2/10/26 04:09, The Natural Philosopher wrote: >>>>> ...more fuel on the fire... >>>>> >>>>> https://www.theregister.com/2026/02/09/compilers_undermine_encryption/ >>>>> >>>>> GCC erases code whose delays obfuscates encryption delays because it >>>>> doesn't do anything... >>>>> >>>> >>>>    Very interesting ! How 'optimization' sometimes ISN'T. >>> >>> Nope.  As Richard Kettlewell has pointed out, what the encryption code >>> writers want is "constant time execution, regardless of inputs" which >>> is not a promised output from gcc, no matter the optimization level >>> chosen. >>> >>> The compiler is "properly optimizing" given the meaning of >>> "optimization" it uses ("make code run as fast as possible" or "make >>> code as small as possible" -- with -Os).  But the compiler was not >>> designed to create "constant time execution" code.  The writers were >>> expecting a promise the compiler never promised. >> >> In the example posted: >> >>    The user types in a password, which gets checked against >>    a database, character by character. Once the first character >>    doesn't match, an error message is returned. >> >> ...the fault is not of the compiler, but of the programmer. He has to >> examine all characters even if he knows there is no point. >> >> > I think the point is that the compiler knows that isn't necessary, and > doesnt bother. > Then don't optimize. Optimization has always been somewhat problematic. Sometimes it introduced bugs that could not be debugged, because debugging altered the code, possibly removing the optimizations. -- Cheers, Carlos E.R.