On 03/20/14 14:17, Michael Rogers wrote:
> You should use a constant-time comparison here to avoid timing
> attacks. Something like:
>
> boolean matches = true;
> for (int i = 0; i < 32; i++) {
>     matches &= (digest[i] == decoded[i + 32]);
> }
> if (!matches) {
>     // incorrectly decoded: we're not the intended recipient
>     return null;
> }
Wouldn't this be vulnerable to a compiler optimisation that
short-circuits the &= operator?
If so, will this be better?
// count the number of matches; must be equal to length.
int len = 32;
int matchcount = 0;
for (int i = 0; i < len; i++) {
    // adds 1 when the bytes match, 0 otherwise; every byte is visited
    matchcount += (digest[i] == decoded[i + len]) ? 1 : 0;
}
if (matchcount != len) {
    // incorrectly decoded: we're not the intended recipient
    return null;
}
regards, Guido Witmond.
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
[email protected].
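The comparison discussed in this thread, written out as an added example that is not code from either poster. It uses the common XOR-and-OR accumulation idiom: every byte pair is XORed, the results are ORed into one accumulator, and only the final accumulator is tested, so the loop body has no data-dependent branch and always visits all bytes. The `ConstantTimeCompare` class, the `digestMatches` helper and the 32-byte digest / 64-byte `decoded` buffer layout are assumptions taken from the snippets in the thread; `java.security.MessageDigest.isEqual` is the standard-library routine that performs the same whole-array comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public final class ConstantTimeCompare {

    /**
     * Compares a[aOff .. aOff+len) with b[bOff .. bOff+len).
     * The running time depends on len only, not on which byte (if any) differs.
     */
    public static boolean isEqual(byte[] a, int aOff, byte[] b, int bOff, int len) {
        if (aOff < 0 || bOff < 0 || len < 0
                || aOff + len > a.length || bOff + len > b.length) {
            throw new IllegalArgumentException("range out of bounds");
        }
        int diff = 0;
        for (int i = 0; i < len; i++) {
            // XOR is 0 only for equal bytes; OR keeps any nonzero result.
            diff |= a[aOff + i] ^ b[bOff + i];
        }
        // Single test after the loop: true iff every byte matched.
        return diff == 0;
    }

    /** Thread layout (assumed): a 32-byte digest checked against decoded[32 .. 64). */
    public static boolean digestMatches(byte[] digest, byte[] decoded) {
        return isEqual(digest, 0, decoded, 32, 32);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest("hello".getBytes(StandardCharsets.UTF_8));

        // Constructed sample: 32 bytes of payload followed by the digest.
        byte[] decoded = new byte[64];
        System.arraycopy(digest, 0, decoded, 32, 32);
        System.out.println("intact:   " + digestMatches(digest, decoded));

        // Flip one bit in the last digest byte; the result must flip to false.
        decoded[63] ^= 1;
        System.out.println("tampered: " + digestMatches(digest, decoded));

        // Library equivalent for whole arrays.
        System.out.println("library:  " + MessageDigest.isEqual(
                digest, Arrays.copyOfRange(decoded, 32, 64)));
    }
}
```

The point of the accumulator form is that the loop never exits early and never branches on a byte value, so neither a short-circuit operator nor an optimiser rewriting a boolean `&=` can reintroduce a position-dependent exit. When a whole-array comparison is all that is needed, prefer `MessageDigest.isEqual` over hand-rolled code.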