grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Imminent bugfix release (1.97.1)

From: Robert Millan
Subject: Re: Imminent bugfix release (1.97.1)
Date: Mon, 9 Nov 2009 19:10:10 +0100
User-agent: Mutt/1.5.18 (2008-05-17) 
On Mon, Nov 09, 2009 at 06:46:16PM +0100, Duboucher Thomas wrote:
> 
>       Ok, I typed this in a few minutes and I'm not confident either with
> what I wrote; I would check that it works first. ;)
>       But the point here is that whatever the user gives as an input, it is
> executed exactly n-th times, n being the length of the user input; and
> that whatever the result of the 'if' statement is, the CPU realizes the
> same amount of operations. By doing so, the attacker will only find out
> how long it takes to make the comparison with a n caracters long input.

Actually, modern CPUs are very complex and the number of operations (or
time taken by them) isn't easy to predict.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."
reply via email to
[Prev in Thread] Current Thread [Next in Thread]