[cryptography] Digest comparison algorithm

Jon Callas jon at callas.org
Sat Dec 3 03:20:27 EST 2011


On Dec 2, 2011, at 7:27 PM, Marsh Ray wrote:

> On 12/01/2011 05:31 PM, Jon Callas wrote:
>> 
>>      for (i = 0; i < min(digest.length, secret.length); i++) {
>>             failure |= (digest[i] != hash[i]);  // Check each byte for non-match
>>      }
>> 
>>      return failure == 0;   // return true if we didn't fail. Yeah, confusing.
> 
> Again, the problem with this is a sufficiently smart compiler may optimize this into a shortcut loop termination at the first mismatch. Or so I hear.
> 
> I'd look closely at DJB's library.

I'd doubt it, but more of a reason to use the XOR trick, or even just inline everything.

	Jon
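
The "XOR trick" mentioned above, sketched in C as an added example (not code from this thread or from any library named in it). The name ct_equal, the volatile reads and the explicit length check are this example's assumptions, and the sample digests in main() are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Returns 1 if the buffers are equal, 0 otherwise. The loop always runs
 * over min(a_len, b_len) bytes, so its duration does not depend on the
 * position of the first mismatching byte. */
int ct_equal(const void *a, size_t a_len, const void *b, size_t b_len)
{
    /* Reading through volatile pointers forces every byte to be loaded,
     * which discourages the compiler from ending the loop early. */
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    size_t n = a_len < b_len ? a_len : b_len;
    size_t i;

    /* Lengths are treated as public; a mismatch is recorded as a
     * difference so that a matching prefix is never accepted. */
    unsigned int diff = (a_len != b_len);

    for (i = 0; i < n; i++) {
        /* XOR is zero only for identical bytes; OR accumulates any
         * non-zero bit without a data-dependent branch. */
        diff |= (unsigned int)(pa[i] ^ pb[i]);
    }

    /* diff is in 0..255. diff - 1 wraps to all ones only when diff == 0,
     * so bit 8 of (diff - 1) is set exactly when the buffers matched. */
    return (int)(1u & ((diff - 1u) >> 8));
}

int main(void)
{
    /* Constructed 8-byte sample "digests". */
    unsigned char expected[8]  = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
    unsigned char same[8]      = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
    unsigned char first_off[8] = {0x00, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
    unsigned char last_off[8]  = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0xff};

    printf("same:      %d\n", ct_equal(expected, 8, same, 8));
    printf("first_off: %d\n", ct_equal(expected, 8, first_off, 8));
    printf("last_off:  %d\n", ct_equal(expected, 8, last_off, 8));
    printf("truncated: %d\n", ct_equal(expected, 8, same, 4));
    return 0;
}
```

The C standard makes no timing guarantees, so the volatile reads are a mitigation rather than a proof; checking the generated assembly for the target compiler and optimization level is the way to confirm that no early exit was introduced.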



