On 6/11/2017 11:30 PM, Emil Lenngren wrote:
2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach :
On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote:
On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote:
"Jason A. Donenfeld" writes:
Whenever you're comparing two MACs, it's important to do this using
On Mon, Jun 12, 2017 at 12:30 AM, Emil Lenngren wrote:
> 2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach :
>> On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote:
>>>
>>> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote:
>>> > "Jason A. Donenfeld" writes:
>>> >
>>> >> Whenever you're comparing two M
2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach :
> On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote:
>>
>> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote:
>> > "Jason A. Donenfeld" writes:
>> >
>> >> Whenever you're comparing two MACs, it's important to do this using
>> >> crypto_memneq instead
Hi Stephan,
On Sun, Jun 11, 2017 at 11:06 PM, Stephan Müller wrote:
> Are you planning to send an update to your patch set? If yes, there is another
> one which should be converted too: crypto/rsa-pkcs1pad.c.
I just sent an update to this thread patching that, per your
suggestion. Since these is
Am Samstag, 10. Juni 2017, 04:59:06 CEST schrieb Jason A. Donenfeld:
Hi Jason,
> Whenever you're comparing two MACs, it's important to do this using
> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
> which could then be used to iteratively forge a MAC. This is far too
On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote:
>
> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote:
> > "Jason A. Donenfeld" writes:
> >
> >> Whenever you're comparing two MACs, it's important to do this using
> >> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
>
On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote:
> "Jason A. Donenfeld" writes:
>
>> Whenever you're comparing two MACs, it's important to do this using
>> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
>> which could then be used to iteratively forge a MAC.
>
> Do y
"Jason A. Donenfeld" writes:
> Whenever you're comparing two MACs, it's important to do this using
> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
> which could then be used to iteratively forge a MAC.
Do you have any pointers where I could learn more about this?
--
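Added example, not part of any message in this thread and not the kernel's crypto_memneq implementation: a userspace C sketch of why an early-exit compare leaks where the first mismatch is, while a compare that always reads every byte does not. The names `early_exit_examined` and `ct_memneq` and the tag values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed 8-byte tags for illustration, not real MACs. */
static const unsigned char tag_good[8]  = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
static const unsigned char tag_early[8] = {0xff,0x22,0x33,0x44,0x55,0x66,0x77,0x88}; /* differs at byte 0 */
static const unsigned char tag_late[8]  = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0xff}; /* differs at byte 7 */

/* Hypothetical helper: walks the buffers like a byte-wise memcmp loop and
 * returns how many bytes it had to examine before it could return. The
 * amount of work depends on the length of the matching prefix. */
static size_t early_exit_examined(const unsigned char *a,
                                  const unsigned char *b, size_t n)
{
    size_t i;

    for (i = 0; i < n; i++)
        if (a[i] != b[i])
            return i + 1;   /* stops at the first mismatch */
    return n;
}

/* Hypothetical helper: inequality test with no data-dependent branch.
 * Every byte is read and the differences are OR-ed into one accumulator. */
static int ct_memneq(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= pa[i] ^ pb[i];
    return diff != 0;       /* 0 = equal, 1 = different */
}

int main(void)
{
    printf("early-exit compare examined %zu vs %zu bytes\n",
           early_exit_examined(tag_good, tag_early, 8),
           early_exit_examined(tag_good, tag_late, 8));
    printf("ct_memneq results: %d %d %d\n",
           ct_memneq(tag_good, tag_early, 8),
           ct_memneq(tag_good, tag_late, 8),
           ct_memneq(tag_good, tag_good, 8));
    return 0;
}
```

In kernel code the thread's recommendation applies directly: use crypto_memneq for MAC comparison rather than a hand-written loop like the one above.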
Whenever you're comparing two MACs, it's important to do this using
crypto_memneq instead of memcmp. With memcmp, you leak timing information,
which could then be used to iteratively forge a MAC. This is far too basic
of a mistake for us to have so pervasively in the year 2017, so let's begin
clean