[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Imminent bugfix release (1.97.1)
From: |
Vladimir 'phcoder' Serbinenko |
Subject: |
Re: Imminent bugfix release (1.97.1) |
Date: |
Tue, 10 Nov 2009 20:04:31 +0100 |
User-agent: |
Mozilla-Thunderbird 2.0.0.22 (X11/20091109) |
Bean wrote:
> On Tue, Nov 10, 2009 at 10:25 PM, Duboucher Thomas <address@hidden> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Bean a écrit :
>>
>>> Hi,
>>>
>>> Oh, I just come up with a better way to do this:
>>>
>>> typedef char grub_password_t[1024];
>>>
>>> int
>>> grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
>>> {
>>> char r1 = 0;
>>> char r2 = 0;
>>> char *p;
>>> int i, c;
>>>
>>> p = &r1;
>>> c = 0;
>>> for (i = 0; i < sizeof (grub_password_t); i++, s1++, s2++)
>>> {
>>> *p | = (*s1 ^ *s2);
>>> if ((int) *s1 == c)
>>> {
>>> p = &r2;
>>> c = 0x100;
>>> }
>>> }
>>>
>>> return (r1 != 0);
>>> }
>>>
>>> The condition (int) *s1 == c would be true exactly once.
>>>
>>>
>> Well, it seems I lost something somewhere. I don't understand the need
>> of doing it exactly sizeof (grub_password_t) times, except from having a
>> perfectly symetric function. IMHO, stopping the comparison when the
>> input buffer is done reading, or when the maximum size of a passphrase
>> is reached does not leak any information to the attacker. So I would
>> stick to
>>
>> typedef char grub_password_t[1024];
>>
>>
With this change grub_auth_strcmp becomes a misnomer. I would prefer to
call it grub_auth_memcmp then. I'll also look into which other free
secure strcmp are available
>> int
>> auth_strcmp (const grub_password_t input, grub_password_t key)
>> {
>> int retval, it;
>>
>> for (it = retval = 0; it < PASSPHRASE_MAXSIZE; it++, input++, key++)
>> {
>> retval |= (*input != *key);
>>
>> if (*input == '\0')
>> break;
>> }
>>
>> return !retval;
>> }
>>
>> Also, take care that it requires to check how the function is
>> optimized; sometimes you have surprises ... ;)
>>
>
> Hi,
>
> My previous function ensures that execution time is the same
> regardless of the input. Although it's not necessary, I guess it's a
> nice feature to have. BTW, the simpler function does leak one
> information, the size of buffer as the execution time would increase
> until the buffer size is reached.
>
>
>
--
Regards
Vladimir 'phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature
- Re: Imminent bugfix release (1.97.1), (continued)
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Duboucher Thomas, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Bean, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Duboucher Thomas, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Vladimir 'phcoder' Serbinenko, 2009/11/10
- Re: Imminent bugfix release (1.97.1),
Vladimir 'phcoder' Serbinenko <=
- Re: Imminent bugfix release (1.97.1), Duboucher Thomas, 2009/11/10
- Re: Imminent bugfix release (1.97.1), address@hidden, 2009/11/10
- Re: Imminent bugfix release (1.97.1), Duboucher Thomas, 2009/11/10