[cryptography] Digest comparison algorithm
iang at iang.org
Thu Dec 1 17:59:38 EST 2011
On 2/12/11 09:37 AM, Jerrie Union wrote:
> I’m wondering, if it’s running as some authenticated server application, if
> it should be considered as resistant to time attacks nowadays. I’m aware that’s
> not a good practice, but I’m not clear if I should consider it as exploitable over the
> network (on both intranet and internet scenarios).

You're doing a digest first, so the remaining code is in the noise
level. And even if it comes back with some detectable difference,
what's it telling you? You can't look back from the bit position of the
wrong guess easily enough to make any sense of it; that's the property
of a message digest.

But if it's a worry, rewrite it?

    // Accumulate the byte differences over the whole digest: no early exit
    int sum = 0;
    for (int i = 0; i < digest.length; i++)
        sum += Math.abs(digest[i] - hash[i]);
    return (0 == sum);

(Just thinking about it, not checking it at all...)
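
Added example, not part of the original post: a Java sketch of the two points in the reply above, counting comparison steps instead of measuring time. The class name, method names and sample secrets are constructed for illustration, and XOR/OR accumulation stands in for the abs() sum in the post.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestCompare {
    // Early-exit comparison: returns how many bytes were examined before it stopped.
    // The count (and so the running time) depends on where the first mismatch is.
    static int earlyExitSteps(byte[] a, byte[] b) {
        int n = Math.min(a.length, b.length);
        for (int i = 0; i < n; i++)
            if (a[i] != b[i]) return i + 1;
        return n;
    }

    // Accumulating comparison: always walks every byte of the expected digest,
    // folding any difference (including a length mismatch) into one value.
    static boolean noEarlyExitEquals(byte[] expected, byte[] supplied) {
        int diff = expected.length ^ supplied.length;
        for (int i = 0; i < expected.length; i++) {
            byte s = supplied.length == 0 ? (byte) 0 : supplied[i % supplied.length];
            diff |= expected[i] ^ s;
        }
        return diff == 0;
    }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: one secret, one digest altered in its last byte,
        // and the digest of a guess that differs from the secret in its last character.
        byte[] expected = sha256("constructed-secret");
        byte[] lastByteWrong = expected.clone();
        lastByteWrong[expected.length - 1] ^= 1;
        byte[] nearMiss = sha256("constructed-secreu");

        // The early-exit loop runs longest when only the final digest byte differs.
        System.out.println("early exit, last digest byte wrong: " + earlyExitSteps(expected, lastByteWrong));
        // A near-miss guess of the secret gives an unrelated digest, so the step count
        // says nothing about which character of the guess was wrong.
        System.out.println("early exit, near-miss secret:       " + earlyExitSteps(expected, nearMiss));
        System.out.println("no early exit, last byte wrong:     " + noEarlyExitEquals(expected, lastByteWrong));
        System.out.println("no early exit, equal digests:       " + noEarlyExitEquals(expected, expected.clone()));
        System.out.println("MessageDigest.isEqual, equal:       " + MessageDigest.isEqual(expected, expected.clone()));
    }
}
```

The standard library's MessageDigest.isEqual(byte[], byte[]) performs the same kind of comparison and is the usual choice in production Java code.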