[Ur] openid fails to build on OS X

Robin Green greenrd at greenrd.org
Sun Jul 17 05:29:58 EDT 2011


On Sat, 16 Jul 2011 17:01:12 -0500, austin seipp <as at hacks.yi.org> wrote:
> Robin, while I understand the principle behind the secure comparison
> function (to avoid a timing attack based on string length,) is there a
> particular reason you need GCC to optimize at level 0? Or is it just
> the fact you don't want anything happening under your nose?

It's really just paranoia about future versions of GCC or other
compilers doing some clever optimisation that makes a timing attack
possible. I think you can just remove the GCC-specific attribute.

-- 
Robin
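
A portable form of such a comparison, as an added example that is not the code from the Ur openid library or from either poster: it relies on `volatile` accesses rather than a GCC-specific optimisation attribute to keep the compiler from turning the loop into an early-exit comparison. The name `ct_equal` and its signature are hypothetical; `volatile` is a common mitigation, not a guarantee about generated code.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (assumption, not the library's function).
 * Returns 1 if the two buffers are equal, 0 otherwise. */
int ct_equal(const void *expected, size_t expected_len,
             const void *given, size_t given_len)
{
    /* volatile loads and a volatile accumulator: every read and every OR
     * must be performed, so the loop cannot be rewritten to stop at the
     * first mismatching byte. */
    const volatile unsigned char *e = expected;
    const volatile unsigned char *g = given;
    volatile unsigned char diff = 0;
    size_t len_xor = expected_len ^ given_len;
    size_t i;

    /* Fold a length mismatch into the result instead of returning early. */
    for (i = 0; i < sizeof len_xor; i++)
        diff |= (unsigned char)(len_xor >> (8 * i));

    /* An empty expected value has no byte to read. */
    if (expected_len == 0)
        return given_len == 0;

    /* The loop count depends only on the supplied value's length. */
    for (i = 0; i < given_len; i++) {
        /* All-ones mask while i is inside expected, zero afterwards, so
         * the index stays in bounds without a data-dependent early exit. */
        size_t in_range = (size_t)0 - (size_t)(i < expected_len);
        size_t j = i & in_range;
        diff |= (unsigned char)(e[j] ^ g[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values. */
    printf("%d\n", ct_equal("s3cret", 6, "s3cret", 6));
    printf("%d\n", ct_equal("s3cret", 6, "s3creT", 6));
    printf("%d\n", ct_equal("s3cret", 6, "s3c", 3));
    return 0;
}
```

Inspecting the generated assembly at the optimisation level actually used for the build is the way to confirm that no early exit was introduced.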


