On Thu, 15 Sep 2022 05:21:52 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> Speaking of MessageDigest.isEqual, we don't need constant time comparison
>> here. We could use Arrays.equals for some extra performance.
>
> Actually, never mind that. We need constant time comparison to avoid leaking
> information about differences between old and new key. Sorry for the noise.

@djelinski If both styles (w/o constant-time operations) get used in the code, it may take time to analyze the potential secret leaking issues for code readers until there is a clear comment. It may add additional human and maintenance cost, which may be as expensive as the computer cost, especially when something goes wrong. So normally, I prefer constant-time operations for secret information, no matter if the operations are exposed to attack surfaces or not.

Just my $.02.

-------------

PR: https://git.openjdk.org/jdk/pull/10263
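
The difference discussed in this thread, as an added example that is not code from the JDK or from the PR: an early-exit comparison does work proportional to the shared prefix of the old and new key, while a constant-time loop does the same work wherever the keys differ. The class `KeyCompareDemo`, its methods and the 32-byte keys are constructed for illustration, and loop iterations stand in for elapsed time.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class KeyCompareDemo {
    static int lastSteps; // loop iterations used by the most recent comparison

    // Early-exit comparison: stops at the first mismatch, so the work done
    // reveals how long a prefix the two keys have in common.
    static boolean earlyExitEquals(byte[] a, byte[] b) {
        lastSteps = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            lastSteps++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    // Constant-time style comparison: folds every byte difference into one
    // accumulator and never branches on key contents.
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        lastSteps = 0;
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            lastSteps++;
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        byte[] oldKey = new byte[32];          // constructed sample key
        Arrays.fill(oldKey, (byte) 0x5a);
        for (int pos : new int[] {0, 15, 31}) {
            byte[] newKey = oldKey.clone();
            newKey[pos] ^= 1;                  // first difference at index pos
            boolean early = earlyExitEquals(oldKey, newKey);
            int earlySteps = lastSteps;
            boolean ct = constantTimeEquals(oldKey, newKey);
            int ctSteps = lastSteps;
            // The JDK calls from the thread return the same answer; only
            // MessageDigest.isEqual is documented as content-independent in time.
            System.out.printf("diff@%d early=%b/%d steps ct=%b/%d steps jdk=%b/%b%n",
                    pos, early, earlySteps, ct, ctSteps,
                    Arrays.equals(oldKey, newKey), MessageDigest.isEqual(oldKey, newKey));
        }
    }
}
```

Every comparison returns `false`, but only the early-exit step count changes with the position of the differing byte, which is the information about the old and new key that the constant-time comparison avoids exposing.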