{"id":211588,"date":"2026-02-09T07:07:00","date_gmt":"2026-02-09T12:07:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/09\/how-the-gnu-c-compiler-became-the-clippy-of-cryptography-the-register\/"},"modified":"2026-02-09T09:50:11","modified_gmt":"2026-02-09T14:50:11","slug":"how-the-gnu-c-compiler-became-the-clippy-of-cryptography-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/09\/how-the-gnu-c-compiler-became-the-clippy-of-cryptography-the-register\/","title":{"rendered":"How the GNU C Compiler became the Clippy of cryptography \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/09\/compilers_undermine_encryption\/\">How the GNU C Compiler became the Clippy of cryptography \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/09\/compilers_undermine_encryption\/\">https:\/\/www.theregister.com\/2026\/02\/09\/compilers_undermine_encryption\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-09 07:07:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p><span class=\"label\">FOSDEM 2026<\/span> The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.<\/p>\n<p>Today&#8217;s compilers boil down code into its most efficient form, but in doing so they can undo safety precautions.<\/p>\n<p>&#8220;Modern software compilers are breaking our code,&#8221;\u00a0said Ren\u00e9 Meusel, sharing his concerns in a FOSDEM talk on February 1.<\/p>\n<p>Meusel manages the Botan cryptography library and is also a senior software engineer at Rohde &#038; Schwarz Cybersecurity.<\/p>\n<p>As the maintainer of Botan, Meusel is cognizant of all the different ways encryption can be foiled.\u00a0It&#8217;s not enough to get the math right. Your software also needs to encrypt and decrypt safely.<\/p>\n<p>Writing code to execute this task can be trickier than some might imagine. And the compilers aren&#8217;t helping.<\/p>\n<h3 class=\"crosshead\">Blocking the side channel<\/h3>\n<p>Meusel offered an example of the kind of problem he deals with implementing a simple login system.<\/p>\n<p>The user types in a password, which gets checked against a database, character by character. Once the first character doesn&#8217;t match, an error message is returned.<\/p>\n<p>For a close observer trying to break in, the time it takes the system to return that error indicates how many letters of the guessed password the user has already entered correctly. A longer response time indicates more of the password has been guessed.<\/p>\n<p>This side-channel leak has been used in the past to facilitate brute-force break-ins. It just requires a high-resolution clock that can tell the minuscule differences in response times.<\/p>\n<p>Good thing cryptographers are a congenitally paranoid sort. They have already created preventive functions to equalize these response times to the user so they are not so revealing. These constant-time implementations &#8220;make the run time independent of the password,&#8221; Meusel said.<\/p>\n<h3 class=\"crosshead\">Problem solved? Not if the compiler has its&#8230;<\/h3>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/09\/compilers_undermine_encryption\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How the GNU C Compiler became the Clippy of cryptography \u2022 The Register https:\/\/www.theregister.com\/2026\/02\/09\/compilers_undermine_encryption\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":211589,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2022\/06\/22\/shutterstock_broken_lock.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-211588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211588"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=211588"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211588\/revisions"}],"predecessor-version":[{"id":211590,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211588\/revisions\/211590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/211589"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=211588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=211588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=211588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}