[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] memcmp() & co. timing info disclosures?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] memcmp() & co. timing info disclosures?
From: Chris Palmer <chris@xxxxxxx>
Date: Fri, 6 May 2011 22:56:31 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 07 May 2011 01:56:49 -0400
In-reply-to: <4DC4DA1E.6080802@xxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4DC480A2.4020600@xxxxxxxxxxxxxxxxxx> <BANLkTimbvHB5g7h2L0vL62JgRAnZhjZPUQ@xxxxxxxxxxxxxx> <4DC4B120.50406@xxxxxxxxxxxxxxxxxx> <4DC4DA1E.6080802@xxxxxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On May 6, 2011, at 10:35 PM, Marsh Ray wrote:

> Of course, we could always just compute SHA-256 hashes of each side and then compare those, right? :-)

Yes, Brad Hill suggested that (in a Java/C# context). Nate Lawson didn't like it on performance grounds, but I don't recall hearing any correctness-related complaints.

http://www.isecpartners.com/blog/2011/2/18/double-hmac-verification.html

You could use the volatile sledgehammer, and then use a unit test to make sure that it remains working over time. And/or you could put it in its own file, and compile it with -O0, in case that helps.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation
https://www.eff.org/code

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] memcmp() & co. timing info disclosures?
  - From: Marsh Ray
- Re: [tor-dev] memcmp() & co. timing info disclosures?
  - From: Nick Mathewson
- Re: [tor-dev] memcmp() & co. timing info disclosures?
  - From: Marsh Ray
- Re: [tor-dev] memcmp() & co. timing info disclosures?
  - From: Marsh Ray

Prev by Author: Re: [tor-dev] memcmp() & co. timing info disclosures?
Next by Author: Re: [tor-dev] memcmp() & co. timing info disclosures?
Previous by thread: Re: [tor-dev] memcmp() & co. timing info disclosures?
Next by thread: [tor-dev] Orbot 1.0.5 Release Candidate
Index(es):
- Author
- Thread