I guess people are just going to keep discovering that you can't really make a C compiler do constant time
How the GNU C Compiler became the Clippy of cryptography
FOSDEM 2026: Security devs forced to hide Boolean logic from overeager optimizer
(www.theregister.com)
-
@regehr or that you can make a C compiler do so, but not another C compiler with the same code...
-
@regehr Do you think it would be possible to make a special-purpose optimization mode that only makes changes which are "safe" for cryptographic code? Or is that too underspecified/hard of a problem?
-
@regehr or that you can make a C compiler do so, but not another C compiler with the same code...
@regehr and not just limited to
some Pascal compilers and other languages too.
-
@regehr Do you think it would be possible to make a special-purpose optimization mode that only makes changes which are "safe" for cryptographic code? Or is that too underspecified/hard of a problem?
@rachelplusplus there's some work in this direction in the LLVM community!
[RFC] Constant-Time Coding Support
Constant-Time Coding Support Summary We (@kumarak, @frabert, @hbrodin, @wizardengineer, and myself of Trail of Bits) propose a Clang “constant-time selection” builtin for cryptographers to use to ensure that their compil…
LLVM Discussion Forums (discourse.llvm.org)
-
"Can it be fair to require the average programmer to understand inline assembly, or any of these other inherently obtuse obfuscation techniques?"
can it be fair for the average programmer (if they don't understand this stuff) to just not write code where timing channels matter? who ever writes these articles