Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On 6/11/2017 11:30 PM, Emil Lenngren wrote: 2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach : On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: "Jason A. Donenfeld"

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On 6/11/2017 11:30 PM, Emil Lenngren wrote: 2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach : On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: "Jason A. Donenfeld" writes: Whenever you're comparing two MACs, it's important to do this

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On Mon, Jun 12, 2017 at 12:30 AM, Emil Lenngren wrote: > 2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach : >> On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: >>> >>> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On Mon, Jun 12, 2017 at 12:30 AM, Emil Lenngren wrote: > 2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach : >> On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: >>> >>> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: >>> > "Jason A. Donenfeld" writes: >>> > >>> >> Whenever you're comparing two

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach : > On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: >> >> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: >> > "Jason A. Donenfeld" writes: >> > >> >> Whenever

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach : > On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: >> >> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: >> > "Jason A. Donenfeld" writes: >> > >> >> Whenever you're comparing two MACs, it's important to do this using >> >> crypto_memneq

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Hi Stephan, On Sun, Jun 11, 2017 at 11:06 PM, Stephan Müller wrote: > Are you planning to send an update to your patch set? If yes, there is another > one which should be converted too: crypto/rsa-pkcs1pad.c. I just sent an update to this thread patching that, per your

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Hi Stephan, On Sun, Jun 11, 2017 at 11:06 PM, Stephan Müller wrote: > Are you planning to send an update to your patch set? If yes, there is another > one which should be converted too: crypto/rsa-pkcs1pad.c. I just sent an update to this thread patching that, per your suggestion. Since these

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Am Samstag, 10. Juni 2017, 04:59:06 CEST schrieb Jason A. Donenfeld: Hi Jason, > Whenever you're comparing two MACs, it's important to do this using > crypto_memneq instead of memcmp. With memcmp, you leak timing information, > which could then be used to iteratively forge a MAC. This is far too

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Am Samstag, 10. Juni 2017, 04:59:06 CEST schrieb Jason A. Donenfeld: Hi Jason, > Whenever you're comparing two MACs, it's important to do this using > crypto_memneq instead of memcmp. With memcmp, you leak timing information, > which could then be used to iteratively forge a MAC. This is far too

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: > > On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: > > "Jason A. Donenfeld" writes: > > > >> Whenever you're comparing two MACs, it's important to do this using > >> crypto_memneq

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook wrote: > > On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: > > "Jason A. Donenfeld" writes: > > > >> Whenever you're comparing two MACs, it's important to do this using > >> crypto_memneq instead of memcmp. With memcmp, you leak timing information,

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: > "Jason A. Donenfeld" writes: > >> Whenever you're comparing two MACs, it's important to do this using >> crypto_memneq instead of memcmp. With memcmp, you leak timing information, >> which could then be

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: > "Jason A. Donenfeld" writes: > >> Whenever you're comparing two MACs, it's important to do this using >> crypto_memneq instead of memcmp. With memcmp, you leak timing information, >> which could then be used to iteratively forge a MAC. > > Do

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

"Jason A. Donenfeld" writes: > Whenever you're comparing two MACs, it's important to do this using > crypto_memneq instead of memcmp. With memcmp, you leak timing information, > which could then be used to iteratively forge a MAC. Do you have any pointers where I could learn

Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

"Jason A. Donenfeld" writes: > Whenever you're comparing two MACs, it's important to do this using > crypto_memneq instead of memcmp. With memcmp, you leak timing information, > which could then be used to iteratively forge a MAC. Do you have any pointers where I could learn more about this?

[PATCH 0/6] Constant Time Memory Comparisons Are Important

Whenever you're comparing two MACs, it's important to do this using crypto_memneq instead of memcmp. With memcmp, you leak timing information, which could then be used to iteratively forge a MAC. This is far too basic of a mistake for us to have so pervasively in the year 2017, so let's begin

[PATCH 0/6] Constant Time Memory Comparisons Are Important

Whenever you're comparing two MACs, it's important to do this using crypto_memneq instead of memcmp. With memcmp, you leak timing information, which could then be used to iteratively forge a MAC. This is far too basic of a mistake for us to have so pervasively in the year 2017, so let's begin