[cryptography] Digest comparison algorithm

ianG iang at iang.org
Thu Dec 1 17:59:38 EST 2011


On 2/12/11 09:37 AM, Jerrie Union wrote:
> I’m wondering, if it’s running as some authenticated server application, if
> it should be considered as resistant to time attacks nowadays. I’m aware that’s
> not a good practice, but I’m not clear if I should consider it as exploitable over the
> network (on both intranet and internet scenarios).

You're doing a digest first, so the remaining code is in the noise 
level.  And even if it comes back with some detectable difference, 
what's it telling you?  You can't look back from the bit position of the 
wrong guess easily enough to make any sense of it, that's the property 
of a message digest.

But if it's a worry, rewrite it?

    int sum = 0;
    for (i = 0; i < digest.length; i++)
       sum += abs(digest[i] - hash[i]);

    return (0 == sum);


(Just thinking about it, not checking it at all...)

iang



More information about the cryptography mailing list