-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/25/2014 07:37 AM, Scott Arciszewski wrote:
I would like to, at the minimum, suggest making the following
functions run in constant time:
* bin2hex() * hex2bin() * base64_encode() * base64_decode() *
mcrypt_encrypt() -- requires delving
http://events.ccc.de/congress/2012/Fahrplan/attachments/2235_29c3-schinzel.pdf
No, a random delay is not sufficient.
Or, write yourself an extension and mirror the implementations of all
these functions. pecl/ts_string or something like that and provide
ts_bin2hex() and/or have the extension
On 26/11/14 16:29, Scott Arciszewski wrote:
That's a rather extreme reaction to trying to patch string operations that
real-world frameworks use to handle crypto secrets, don't you think?
Hmm, no.
--
Regards,
Mike
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe,
That's a rather extreme reaction to trying to patch string operations that
real-world frameworks use to handle crypto secrets, don't you think?
and there are at least that much, but probably lot more usages in the
wild(see https://github.com/search?l=phpq=bin2hextype=Codeutf8=%E2%9C%93
for
On 26 November 2014 at 08:49, Ferenc Kovacs tyr...@gmail.com wrote:
That's a rather extreme reaction to trying to patch string operations that
real-world frameworks use to handle crypto secrets, don't you think?
and there are at least that much, but probably lot more usages in the
wild(see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/26/2014 07:29 AM, Scott Arciszewski wrote:
http://events.ccc.de/congress/2012/Fahrplan/attachments/2235_29c3-schinzel.pdf
No, a random delay is not sufficient.
Sure, I mentioned that if the scenario allows for lots of observations
then it
That seems like a lot of functions to artificially slow down.
Well, in most cases it shouldn't slow it down by a non-trivial margin.
It's not like comparison which removes the ability to short circuit,
where it can be extremely significantly longer.
When doing things like encoding or decoding,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/26/2014 11:45 AM, Anthony Ferrara wrote:
That seems like a lot of functions to artificially slow down.
Well, in most cases it shouldn't slow it down by a non-trivial
margin.
If that can be shown definitively, then I would have fewer
I don't like the idea of any mandatory slow down, trivial or not. This
should be opt in.
On Wed, Nov 26, 2014, 12:28 PM Rasmus Lerdorf ras...@lerdorf.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/26/2014 11:45 AM, Anthony Ferrara wrote:
That seems like a lot of functions
That is why I updated the PR and made it add a function (ts_bin2hex())
instead of replacing the existing behavior.
I could have sworn I already sent this to the list.
On Wed, Nov 26, 2014 at 3:45 PM, Korvin Szanto korvinsza...@gmail.com
wrote:
I don't like the idea of any mandatory slow down,
I'm of the opinion, this:
On 26 November 2014 at 19:45, Anthony Ferrara ircmax...@gmail.com wrote:
The two mcrypt functions, IMHO **MUST** be made timing safe, no matter
what, since they **always** deal with sensitive information.
Extended to any crypto functions too.
But for everything
Forgot to reply all, it seems.
-- Forwarded message --
From: Scott Arciszewski sc...@arciszewski.me
Date: Wed, Nov 26, 2014 at 11:59 AM
Subject: Re: [PHP-DEV] Fwd: [php-src] Constant-Time bin2hex()
implementation (#909)
To: Ferenc Kovacs tyr...@gmail.com
On Wed, Nov 26, 2014
Hi Internals!
I've submitted a PR based on Frank Denis's work in libsodium that makes
bin2hex() run in constant time () as an improvement to mitigate
cache-timing attacks. My motivation for doing so is that many developers
(including myself) use base-16 and base-64 encoding to store cryptographic
Scott Arciszewski wrote on 25/11/2014 15:37:
Hi Internals!
I've submitted a PR based on Frank Denis's work in libsodium that makes
bin2hex() run in constant time () as an improvement to mitigate
cache-timing attacks. My motivation for doing so is that many developers
(including myself) use
14 matches
Mail list logo