[liberationtech] Trsst Encryption
Guido Witmond
guido at witmond.nl
Thu Mar 20 07:58:32 PDT 2014
On 03/20/14 14:17, Michael Rogers wrote:
> You should use a constant-time comparison here to avoid timing
> attacks. Something like:
>
> boolean matches = true;
> for (i = 0; i < 32; i++) {
> matches &= (digest[i] == decoded[i + 32]);
> }
> if (!matches) {
> // incorrectly decoded: we're not the intended recipient
> return null;
> }
Wouldn't this be vulnerable to a compiler-optimisation that
short-circuits the &= operator?
If so, will this be better?
// count the number of matches; must be equal to length.
int len = 32
int matchcount = 0
for (i = 0; i < len; i++) {
matches += !(digest[i] == decoded[i + len]);
}
if (matches != len) {
// incorrectly decoded: we're not the intended recipient
return null;
}
regards, Guido Witmond.
More information about the liberationtech
mailing list