On Tue, Nov 10, 2009 at 4:06 AM, Pedro A ARANDA <paag...@hotmail.com> wrote:
> Hi all,
>
> just my .00002 euro-cents:
>
> With this function, you always assume that strlen(s1) <= strlen(s2),
> right?
>
>> int
>> grub_auth_strcmp (const char *s1, const char *s2)
>> {
>>   int n;
>>   volatile int ret = 0;
>>
>>   for (n = grub_strlen (s1); n >= 0; n--)
>>   {
>>     if (*s1 != *s2)
>>       ret |= 1;
>>     else
>>       ret |= 0;
>>
>>     s1++; s2++;
>>   }
>>
>>   return ret;
>> }
>
> because if not, you'd have to
>
>   if (*s1 == 0 || *s2 == 0)
>     break;
>
> in the loop and the return would be something like
>
>   return *s1 == 0 && *s2 == 0 && ret == 1;
>
> And then you can continue simplifying to
>
>   while (1) {
>     if (*s1 != *s2) break;
>     if (*s1 == 0) break;
>     if (*s2 == 0) break;
>     s1++; s2++;
>   }
>   return *s1 == 0 && *s2 == 0;
>
> Again, just my .00002 euro-cents or less

That's a good efficient strcmp, but the execution time leaks all kinds of information about the secret. Specifically, when there's a front subset match, the function will run longer. That allows a brute force attacker to break the password in linear time with the password length instead of exponential time. auth_strcmp is specifically trying to avoid any data-dependent branching.

>
> Cheers,/PA
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel
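
Added example, not part of the original thread and not GRUB's code: it instruments the early-exit comparison from the quoted message with a step counter, next to a comparison that accumulates differences without branching on them and also handles the unequal-length case raised above. The names early_exit_cmp and ct_strcmp, the step counters and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison in the style proposed in the quoted message.
   Returns 0 on match; *steps reports the loop iterations performed. */
int early_exit_cmp(const char *s1, const char *s2, size_t *steps)
{
    *steps = 0;
    for (;;) {
        (*steps)++;
        if (*s1 != *s2 || *s1 == 0)
            break;
        s1++; s2++;
    }
    return !(*s1 == 0 && *s2 == 0);
}

/* Hypothetical constant-time variant. The loop bound comes from the typed
   input only, and differences are accumulated instead of branched on. */
int ct_strcmp(const char *input, const char *secret, size_t *steps)
{
    size_t n = strlen(input), j = 0;
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i <= n; i++) {      /* <= n also compares input's NUL */
        unsigned char c = (unsigned char) secret[j];
        diff |= (unsigned char) input[i] ^ c;
        /* Park on secret's NUL so we never read past its end. Usually
           compiled without a branch; verify the generated code. */
        j += (c != 0);
        (*steps)++;
    }
    return diff != 0;
}

int main(void)
{
    const char *secret = "hunter2";        /* constructed sample secret */
    const char *guesses[] = { "xxxxxxx", "huxxxxx", "huntexx", "hunter2" };
    for (size_t k = 0; k < 4; k++) {
        size_t e, c;
        int re = early_exit_cmp(guesses[k], secret, &e);
        int rc = ct_strcmp(guesses[k], secret, &c);
        printf("%-8s early: ret=%d steps=%zu   ct: ret=%d steps=%zu\n",
               guesses[k], re, e, rc, c);
    }
    return 0;
}
```

The early-exit step count grows with the length of the matching prefix, which is the signal the reply describes; the accumulating version performs the same number of steps for every guess of a given length.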