[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] memcmp() & co. timing info disclosures?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] memcmp() & co. timing info disclosures?
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Fri, 6 May 2011 21:00:37 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 06 May 2011 21:00:54 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=WV9RvydW2TEqR8A++5oYshnC+eeD8sjIeL6sC4JSBX0=; b=mrXqh5XrzPo/js7/rrnvDBegjQmRjgTVKBrtmQiotZKfo/4xSCPcb63FGpljECf/aF xBwmnv2hyp0n87nb0zllv2M0b92GiQ2F/fc5VM40rrXdOMR+GnHB9YEbgYxRCLjBQYnX x71Zs5ynHRMcw5oZM39nNUX5qXT/5a8wP/UbA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; b=hUAzJBDJrQ+lqYFkXXcvMMWG+K00JZdYdBcAVKCgNpEOZzIfYO6ZL/679PPbkxHh9i kLCeLhACDFC/QzKpBwcfDnjNEiirwggADiDjhEjf0ZK8ZMwKVr70BMX/FwSEE5wa9sH/ +VyajnNVOD/T86PSla0Pvjs9jHU/am4P2htCc=
In-reply-to: <4DC480A2.4020600@xxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4DC480A2.4020600@xxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On Fri, May 6, 2011 at 7:13 PM, Marsh Ray <marsh@xxxxxxxxxxxxxxxxxx> wrote:
>
> Greetings all,
>
Hi, Marsh!

I replied on https://trac.torproject.org/projects/tor/ticket/3122#comment:4
.  The particular case that you mention is (I think) safe (see
discussion there), but the problem in general is worrisome and we
should indeed replace (nearly) all of our memcmps with
data-independent variants.

(Pedantic nit-pick: we should be saying "data-independent," not
"constant-time."  We want a memcmp(a,b,c) that takes the same number
of cycles for a given value of c no matter what a and b are.  That's
data-independence.  A constant-time version would be one that took the
same number of cycles no matter what c is.)

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] memcmp() & co. timing info disclosures?
  - From: Marsh Ray

References:
- [tor-dev] memcmp() & co. timing info disclosures?
  - From: Marsh Ray

Prev by Author: [tor-dev] New paper by Goldberg, Stebila, and Ostaoglu with proposed circuit handshake
Next by Author: Re: [tor-dev] memcmp() & co. timing info disclosures?
Previous by thread: Re: [tor-dev] memcmp() & co. timing info disclosures?
Next by thread: Re: [tor-dev] memcmp() & co. timing info disclosures?
Index(es):
- Author
- Thread