[cryptography] Digest comparison algorithm

D. J. Bernstein djb at cr.yp.to
Fri Dec 2 03:08:05 EST 2011

Some resources for people interested in these security issues:

   * http://cr.yp.to/talks.html#2007.05.28 (how to avoid leakage from
     branches and caches; see the "Exercise: Forge IPsec packets" slide
     for some discussion of digest comparison)

   * http://cr.yp.to/mac/constanttime_isequal.c (2005 code for
     constant-time comparison; probably there are earlier references)

   * http://nacl.cr.yp.to (a high-security high-speed cryptographic
     library with no secret branches and no secret memory addresses)

   * http://cr.yp.to/papers.html#coolnacl (new paper discussing various
     cryptographic disasters addressed by this library)

---D. J. Bernstein
   Research Professor, Computer Science, University of Illinois at Chicago
