Running time could depend on guess length, because it is not a secure
parameter.
A problem can appear in the produced machine code after compiler
optimisations.
// running time depends on length of guess
bool check_password(const char *guess, const char *actual) {
char result = 0;
const c
On Thu, Oct 30, 2014 at 4:58 AM, Riley Baird wrote:
> On 29/10/14 19:55, Richard van den Berg wrote:
>> On 28-10-14 20:59 , Riley Baird wrote:
>>> As far as I can tell, your code ensures that even if the strings are of
>>> different length, an equality calculation should be performed anyway,
>>> h
On 30/10/14 01:34, Leslie S Satenstein wrote:
> Hi Riley
>
> Suppose the strings are 10k bytes each (10240), but they differ at byte zero,
> where is the break instruction to stop the compare?
Why would there need to be a break instruction? That would mean that the
time taken to compare strings
On 29/10/14 19:55, Richard van den Berg wrote:
> On 28-10-14 20:59 , Riley Baird wrote:
>> As far as I can tell, your code ensures that even if the strings are of
>> different length, an equality calculation should be performed anyway,
>> however returning 0, on the grounds that this would make it
On 28-10-14 20:59 , Riley Baird wrote:
> As far as I can tell, your code ensures that even if the strings are of
> different length, an equality calculation should be performed anyway,
> however returning 0, on the grounds that this would make it more
> difficult for an attacker to know that the tw
On 29/10/14 17:00, Joel Rees wrote:
> 2014/10/29 4:59 "Riley Baird" <
> bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch>:
>>
>> On 29/10/14 00:20, Joel Rees wrote:
>>> On Tue, Oct 28, 2014 at 12:08 PM, Riley Baird
>>> wrote:
Dear debian-security,
I am looking for a sponsor for m
7 matches