On Dec 2, 2011, at 7:27 PM, Marsh Ray wrote:
> On 12/01/2011 05:31 PM, Jon Callas wrote:
>>
>> for (i = 0; i < min(digest.length, secret.length); i++) {
>>     failure |= (digest[i] != hash[i]); // Check each byte for non-match
>> }
>>
>> return failure == 0; // return true if we didn't fail. Yeah, confusing.
>
> Again, the problem with this is a sufficiently smart compiler may optimize
> this into a shortcut loop termination at the first mismatch. Or so I hear.
>
> I'd look closely at DJB's library.

I'd doubt it, but more of a reason to use the XOR trick, or even just inline
everything.

Jon
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
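
The XOR-accumulate comparison mentioned in the thread, as an added C example (not code from either poster or from DJB's library). `ct_equal` and `verify_tag` are hypothetical names; the `volatile` reads are an assumed way to discourage the early-exit optimization raised above, not a guarantee, and the tag length is treated as public.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: returns 1 if the two n-byte buffers are equal,
 * 0 otherwise. Every byte is visited wherever the first mismatch is. */
int ct_equal(const void *a, const void *b, size_t n)
{
    /* volatile forces each byte to be loaded, which discourages the
     * compiler from rewriting the loop as an early-exit comparison. */
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    unsigned char diff = 0;

    for (size_t i = 0; i < n; i++)
        diff |= pa[i] ^ pb[i];          /* XOR is 0 only for equal bytes */

    /* diff == 0 -> 1, anything else -> 0, without a data-dependent
     * branch: (0 - 1) wraps to all ones, so bit 8 is set only then. */
    return (int)((((unsigned)diff - 1u) >> 8) & 1u);
}

/* Hypothetical wrapper: the length is public, so a length mismatch may
 * return early; only the byte contents are compared in constant time. */
int verify_tag(const unsigned char *expected, size_t expected_len,
               const unsigned char *got, size_t got_len)
{
    if (expected_len != got_len)
        return 0;
    return ct_equal(expected, got, expected_len);
}

int main(void)
{
    /* Constructed sample tags, not real MAC output. */
    const unsigned char good[4]      = { 0xde, 0xad, 0xbe, 0xef };
    const unsigned char same[4]      = { 0xde, 0xad, 0xbe, 0xef };
    const unsigned char bad_first[4] = { 0x00, 0xad, 0xbe, 0xef };
    const unsigned char bad_last[4]  = { 0xde, 0xad, 0xbe, 0x00 };

    printf("same:      %d\n", verify_tag(good, 4, same, 4));
    printf("bad first: %d\n", verify_tag(good, 4, bad_first, 4));
    printf("bad last:  %d\n", verify_tag(good, 4, bad_last, 4));
    printf("truncated: %d\n", verify_tag(good, 4, same, 3));
    return 0;
}
```

Whether a given compiler preserves the full loop can only be confirmed by inspecting the generated assembly for the exact build flags in use.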