-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/26/2014 07:29 AM, Scott Arciszewski wrote: > http://events.ccc.de/congress/2012/Fahrplan/attachments/2235_29c3-schinzel.pdf > > No, a random delay is not sufficient.
Sure, I mentioned that if the scenario allows for lots of observations then it would still be vulnerable because you could average out the uniformly distributed randomness which is all that paper is saying. But I am sure there are also cases where the sampling is limited to a number way less than what would be needed to achieve that. Like if you changed a secret after 3 tries, for example. > Or, write yourself an extension and mirror the implementations of > all these functions. pecl/ts_string or something like that and > provide ts_bin2hex() and/or have the extension override the > built-in versions if you really want to slow down every instance of > these. > > That's a rather extreme reaction to trying to patch string > operations that real-world frameworks use to handle crypto secrets, > don't you think? vs. slowing down millions of existing PHP apps that are using these functions for things that are in no way vulnerable to timing attacks? No, I don't think it is extreme at all, sorry. - -Rasmus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlR2K3AACgkQlxayKTuqOuBouACfWu9NGYwC/0Ahptll8RnAarBE 3woAoIR7vydqrpH9tmFsxVrbbdUqt3/V =P17j -----END PGP SIGNATURE----- -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
