On 20/03/14 19:30, Yuriy Kaminskiy wrote:
> Note that all above variants may be NOT actually branchless and
> thus NOT really constant-time (depending on architecture, jvm
> implementation and options, etc). Most likely, resulting time
> difference won't be sufficient to be useful for attacker, but... (I
> doubt very much you can write guaranteed-constant-time code in java
> (and most other high-level languages) at all.)

Yeah it would be really nice if Java had some way to mark a block of code "do not optimise".

> PS If you don't want to invent bicycle, there are boolean
> java.security.MessageDigest.isEqual(byte [], byte[]) method.

Thanks for the pointer. The Javadoc doesn't say whether this is a constant-time comparison. In OpenJDK 6 it isn't. In OpenJDK 7 it does something similar to my original suggestion. So unfortunately it seems like this might be a case where bicycle-invention is necessary.

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/java/security/MessageDigest.java#MessageDigest.isEqual%28byte%5B%5D%2Cbyte%5B%5D%29

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/7u40-b43/java/security/MessageDigest.java#MessageDigest.isEqual%28byte%5B%5D%2Cbyte%5B%5D%29

Cheers,
Michael
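The difference discussed in this message, as an added example that is not part of the original e-mail and is not the JDK's source: an early-exit byte comparison next to an XOR-accumulate one, with a loop-step counter standing in for running time. The class name, method names, `steps` counter and sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

public class ConstantTimeCompare {
    // Loop iterations executed by the last call: a deterministic stand-in for running time.
    static int steps;

    // Early-exit comparison: returns at the first mismatching byte, so the
    // amount of work done depends on the length of the matching prefix.
    static boolean earlyExitEquals(byte[] a, byte[] b) {
        steps = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            steps++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    // XOR-accumulate comparison: visits every byte and decides once at the end.
    // Length is treated as public here (digest and MAC lengths are fixed).
    static boolean accumulateEquals(byte[] a, byte[] b) {
        steps = 0;
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            steps++;
            diff |= a[i] ^ b[i]; // non-zero as soon as any byte pair differs
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real digests or MACs.
        byte[] expected = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        String[] candidates = {
            "X123456789abcdef", "01234567X9abcdef", "0123456789abcdeX", "0123456789abcdef"
        };
        for (String c : candidates) {
            byte[] candidate = c.getBytes(StandardCharsets.US_ASCII);
            boolean r1 = earlyExitEquals(expected, candidate);
            int s1 = steps;
            boolean r2 = accumulateEquals(expected, candidate);
            int s2 = steps;
            if (r1 != r2) throw new AssertionError("comparisons disagree");
            System.out.printf("%s equal=%-5b early-exit steps=%2d accumulate steps=%2d%n",
                    c, r1, s1, s2);
        }
    }
}
```

The step counts show the source-level behaviour only; as the quoted text points out, the JVM and JIT may still compile the accumulate loop into code that is not branchless, so a fixed step count is not a guarantee of constant running time.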
