How the GNU C Compiler became the Clippy of cryptography • The Register

https://www.theregister.com/2026/02/09/compilers_undermine_encryption/

Publish Date: 2026-02-09 07:07:00

FOSDEM 2026 The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.

Today’s compilers boil down code into its most efficient form, but in doing so they can undo safety precautions.

“Modern software compilers are breaking our code,” said René Meusel, sharing his concerns in a FOSDEM talk on February 1.

Meusel manages the Botan cryptography library and is also a senior software engineer at Rohde & Schwarz Cybersecurity.

As the maintainer of Botan, Meusel is cognizant of all the different ways encryption can be foiled. It’s not enough to get the math right. Your software also needs to encrypt and decrypt safely.

Writing code to execute this task can be trickier than some might imagine. And the compilers aren’t helping.

Blocking the side channel

Meusel offered an example of the kind of problem he deals with implementing a simple login system.

The user types in a password, which gets checked against a database, character by character. Once the first character doesn’t match, an error message is returned.

For a close observer trying to break in, the time it takes the system to return that error indicates how many letters of the guessed password the user has already entered correctly. A longer response time indicates more of the password has been guessed.

This side-channel leak has been used in the past to facilitate brute-force break-ins. It just requires a high-resolution clock that can tell the minuscule differences in response times.

Good thing cryptographers are a congenitally paranoid sort. They have already created preventive functions to equalize these response times to the user so they are not so revealing. These constant-time implementations “make the run time independent of the password,” Meusel said.