[tor-dev] memcmp() & co. timing info disclosures?

Nick Mathewson nickm at freehaven.net
Sat May 7 01:00:37 UTC 2011


On Fri, May 6, 2011 at 7:13 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
>
> Greetings all,
>
Hi, Marsh!

I replied on https://trac.torproject.org/projects/tor/ticket/3122#comment:4 .
The particular case that you mention is (I think) safe (see
discussion there), but the problem in general is worrisome and we
should indeed replace (nearly) all of our memcmps with
data-independent variants.

(Pedantic nit-pick: we should be saying "data-independent," not
"constant-time."  We want a memcmp(a,b,c) that takes the same number
of cycles for a given value of c no matter what a and b are.  That's
data-independence.  A constant-time version would be one that took the
same number of cycles no matter what c is.)

-- 
Nick
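
Added example, not part of the original message and not Tor's own code: an early-exit comparison beside a data-independent one, in the sense used above (the work done depends on c but not on the contents of a and b). The names leaky_bytes_examined and di_memeq are hypothetical, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Early-exit comparison, as a typical memcmp() behaves. It returns how many
 * bytes it examined, so the data dependence is visible without a timer. */
size_t leaky_bytes_examined(const void *a, const void *b, size_t c)
{
    const unsigned char *x = a, *y = b;
    size_t i;
    for (i = 0; i < c; i++) {
        if (x[i] != y[i])
            return i + 1;          /* stops at the first mismatch */
    }
    return c;
}

/* Data-independent equality: reads all c bytes and never branches on their
 * contents. Returns 1 if the buffers are equal, 0 otherwise. The volatile
 * qualifiers discourage the compiler from reintroducing an early exit. */
int di_memeq(const void *a, const void *b, size_t c)
{
    const volatile unsigned char *x = a;
    const volatile unsigned char *y = b;
    uint32_t diff = 0;
    size_t i;
    for (i = 0; i < c; i++)
        diff |= (uint32_t)(x[i] ^ y[i]);   /* accumulate any differing bits */
    /* diff is 0..255; (diff - 1) >> 8 has its low bit set only if diff == 0 */
    return (int)(1 & ((diff - 1) >> 8));
}

int main(void)
{
    /* Constructed 8-byte values, not real digests. */
    const char *secret = "AAAAAAAA";
    printf("mismatch at byte 0: leaky examines %zu, equal=%d\n",
           leaky_bytes_examined(secret, "BAAAAAAA", 8),
           di_memeq(secret, "BAAAAAAA", 8));
    printf("mismatch at byte 7: leaky examines %zu, equal=%d\n",
           leaky_bytes_examined(secret, "AAAAAAAB", 8),
           di_memeq(secret, "AAAAAAAB", 8));
    return 0;
}
```

The loop in di_memeq still runs c times, so its running time varies with c; that is data-independent rather than constant-time in the terms of the message above.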

