Episode 38: Compiler optimizations as a risk for security guarantees in crypto code with Lukas Gerlach
In the current episode of CISPA TL;DR, we address an often overlooked yet high-risk aspect of software development: compiler optimizations and their impact on the security of cryptographic code. Our guest, Lukas Gerlach, and his team have investigated whether modern compilers inadvertently cause supposedly secure code—so-called “constant-time” code—to become vulnerable to side-channel attacks. These attacks allow hackers to extract sensitive data such as passwords or keys merely by analyzing the program’s execution time. In the podcast, Lukas explains why this is a problem, what he discovered while testing five well-known crypto libraries, and how his new tool, DOCC, helps to identify such security vulnerabilities before they become dangerous. The episode was recorded in German. Have fun listening!