On Dec 2, 2011, at 7:27 PM, Marsh Ray wrote:

> On 12/01/2011 05:31 PM, Jon Callas wrote:
>> 
>>      for (i = 0; i < min(digest.length, secret.length); i++) {
>>             failure |= (digest[i] != hash[i]);       // Check each byte for non-match
>>      }
>> 
>>      return failure == 0;   // return true if we didn't fail. Yeah, confusing.
> 
> Again, the problem with this is a sufficiently smart compiler may optimize 
> this into a shortcut loop termination at the first mismatch. Or so I hear.
> 
> I'd look closely at DJB's library.

I'd doubt it, but more of a reason to use the XOR trick, or even just inline 
everything.

        Jon

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
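
The XOR trick mentioned in the reply above, written out in C as an added example (not code from the thread or from any library named in it). The names `ct_equal` and `verify_tag` are hypothetical, and the example assumes tag lengths are public, so it rejects a length mismatch outright rather than comparing only the common prefix.

```c
#include <stddef.h>
#include <stdio.h>

/* ct_equal and verify_tag are hypothetical names for this example. */

/* Returns 1 if a[0..len) == b[0..len), else 0. Every byte is always read,
 * so the loop's run time depends on len only, not on where bytes differ. */
int ct_equal(const void *a, const void *b, size_t len)
{
    /* volatile forces each load to happen, which discourages the compiler
     * from rewriting the loop as an early-exit comparison. */
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < len; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);  /* 0 only for equal bytes */

    /* Branch-free fold to 0/1: (diff - 1) wraps to all ones only if diff == 0,
     * so bit 8 is set exactly when no byte differed. */
    return (int)((((unsigned)diff - 1u) >> 8) & 1u);
}

/* Tag lengths are public, so a length mismatch may be rejected up front;
 * a truncated tag then never matches on its prefix. */
int verify_tag(const unsigned char *expected, size_t expected_len,
               const unsigned char *received, size_t received_len)
{
    if (expected_len != received_len)
        return 0;
    return ct_equal(expected, received, expected_len);
}

int main(void)
{
    /* Constructed sample tags, not real MAC output. */
    const unsigned char good[4]  = {0xde, 0xad, 0xbe, 0xef};
    const unsigned char same[4]  = {0xde, 0xad, 0xbe, 0xef};
    const unsigned char first[4] = {0x00, 0xad, 0xbe, 0xef};
    const unsigned char last[4]  = {0xde, 0xad, 0xbe, 0x00};

    printf("same=%d first=%d last=%d short=%d\n",
           verify_tag(good, 4, same, 4), verify_tag(good, 4, first, 4),
           verify_tag(good, 4, last, 4), verify_tag(good, 4, same, 3));
    return 0;
}
```

The C standard makes no timing guarantee, so the generated assembly should still be inspected at the optimisation level that ships.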
