From: invalid@invalid.invalid   
      
   Rich  writes:   
   > John   wrote:   
   >> Don't know whether or not this was suggested downthread: write your   
   >> delay code as a callable function, compile it separately without   
   >> optimization, and then link that delayfunc.o file with your other   
   >> code, which has been modified to call delayfunc() as needed. As   
   >> already stated, a complete non-issue.   
   >   
   > Look at the examples posted by Richard Kettelwell in the message with   
   > Message-ID:    
   >   
   > Even with no optimizations, due to normal boolean logic   
   > short-circuiting defined by the C spec, the output assembly by the   
   > compiler still skips over much of the "constant time" activity that   
   > must be executed for the code to be "constant time".   
   >   
   > The end result is: compilers do not guarantee "constant runtime" object   
   > code, regardless of optimization settings.   
      
   It’s possibly worth noting that the ‘random delay’ strategy does not   
   work in general.  In many real designs a given secret is used many times   
   (e.g. an https site will generate a new signature, using the same key,   
   for every new connection). Instead of a single timing, the attacker gets   
   a collection of timings and gets to draw inferences from their   
   distribution. The attacker’s cost goes up, for sure, but the attack   
   doesn’t go away.   
      
   If this was truly trivial to solve then nobody would be talking about   
   it. The people claiming it’s a non-issue have not engaged with the issue   
   at all.   
      
   --   
   https://www.greenend.org.uk/rjk/   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)