Duboucher Thomas wrote: > Bean a écrit : > > Hi, > > > My previous function ensures that execution time is the same > > regardless of the input. Although it's not necessary, I guess it's a > > nice feature to have. BTW, the simpler function does leak one > > information, the size of buffer as the execution time would increase > > until the buffer size is reached. > > > Hi, > > Yes, constant time of execution _is_ a constraint of this function. > However, I don't think that giving access to the size of the buffer is a > leak per se, the source code of Grub being available for everyone; We > only need not to leak more informations than already available. > Yes. No security analysis can assume attacker doesn't have the source code > Thomas.
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel -- Regards Vladimir 'phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
