[tor-bugs] #3122 [Tor Client]: Write and use constant-time comparison functions
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue May 10 01:33:42 UTC 2011
#3122: Write and use constant-time comparison functions
-------------------------+--------------------------------------------------
Reporter: rransom | Owner: ioerror
Type: enhancement | Status: new
Priority: major | Milestone: Tor: 0.2.1.x-final
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
I threw together some quick and dirty timing code at
http://www.wangafu.net/~nickm/volatile/memcmp_timing.gitbundle , based on
rransom's repo. The emphasis is on *dirty*: either i am testing it wrong,
or I am doing the stats wrong on the output, or something.
Things to check: Did I get the T-value calculation about right? Should I
just be piping the results to R to do my stats instead?
Does the way that I make a change to the n'th position between calling
memcmp (to prevent the compiler from caring that memcmp is
__attribute__((pure, const)) ) affect cacheing?
Suggestive datum: The reported T values are high even for the function
do_nothing_at_all, which doesn't actually do anything but add all the
bytes in its inputs and return the results. This suggests a bug in the
harness or in the analysis.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3122#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list