* Daniel Borkmann:
> On 02/11/2013 08:00 PM, Florian Weimer wrote:
>> * Daniel Borkmann:
>
> Thanks for your feedback, Florian!
>
>>> + * memcmp_nta - memcmp that is secure against timing attacks
>>
>> It's not providing an ordering, so it should not have "cmp" in the
>> name.
>
> I agree. What wo
On 02/11/2013 08:00 PM, Florian Weimer wrote:
> * Daniel Borkmann:
Thanks for your feedback, Florian!
>> + * memcmp_nta - memcmp that is secure against timing attacks
>
> It's not providing an ordering, so it should not have "cmp" in the
> name.
I agree. What would you suggest? Probably, it wou
On 02/11/2013 07:37 PM, Andy Lutomirski wrote:
On 02/10/2013 02:00 PM, Daniel Borkmann wrote:
If you need to compare a password or a hash value, the timing of the
comparison function can give valuable clues to the attacker. Let's
say the password is 123456 and the attacker tries abcdef. If the
c
* Daniel Borkmann:
> + * memcmp_nta - memcmp that is secure against timing attacks
It's not providing an ordering, so it should not have "cmp" in the
name.
> + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--)
> + res |= (*su1 ^ *su2);
The compiler could still short-cir
On 02/10/2013 02:00 PM, Daniel Borkmann wrote:
> If you need to compare a password or a hash value, the timing of the
> comparison function can give valuable clues to the attacker. Let's
> say the password is 123456 and the attacker tries abcdef. If the
> comparision function fails at the first byt
On 02/11/2013 12:50 AM, Greg KH wrote:
On Mon, Feb 11, 2013 at 12:30:51AM +0100, Daniel Borkmann wrote:
On 02/11/2013 12:24 AM, Joe Perches wrote:
On Sun, 2013-02-10 at 23:00 +0100, Daniel Borkmann wrote:
add memcmp_nta ({n}o {t}iming {a}ttacks)
Why should this be in the kernel?
As the com
On Mon, Feb 11, 2013 at 12:30:51AM +0100, Daniel Borkmann wrote:
> On 02/11/2013 12:24 AM, Joe Perches wrote:
> >On Sun, 2013-02-10 at 23:00 +0100, Daniel Borkmann wrote:
> >>add memcmp_nta ({n}o {t}iming {a}ttacks)
> >
> >Why should this be in the kernel?
>
> As the commit message already says, s
On 02/11/2013 12:24 AM, Joe Perches wrote:
On Sun, 2013-02-10 at 23:00 +0100, Daniel Borkmann wrote:
add memcmp_nta ({n}o {t}iming {a}ttacks)
Why should this be in the kernel?
As the commit message already says, so that current or future (e.g.) network
protocol code or modules can make use o
On Sun, 2013-02-10 at 23:00 +0100, Daniel Borkmann wrote:
> add memcmp_nta ({n}o {t}iming {a}ttacks)
Why should this be in the kernel?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://v
If you need to compare a password or a hash value, the timing of the
comparison function can give valuable clues to the attacker. Let's
say the password is 123456 and the attacker tries abcdef. If the
comparision function fails at the first byte without looking at the
other bytes, then the attacker
10 matches
Mail list logo
