Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:70866 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 57797 invoked from network); 23 Dec 2013 22:31:21 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Dec 2013 22:31:21 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.47 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.215.47 mail-la0-f47.google.com Received: from [209.85.215.47] ([209.85.215.47:65481] helo=mail-la0-f47.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 91/32-41130-7B9B8B25 for ; Mon, 23 Dec 2013 17:31:20 -0500 Received: by mail-la0-f47.google.com with SMTP id ep20so2500550lab.6 for ; Mon, 23 Dec 2013 14:31:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=pgt1zSgvs0RyKOXs8dY/crcyUp2yeKGa5qwPhOwknPk=; b=InlFxJYGU+TzFWb1NbHpIsmpi6i78JhjDcRjNvvmGvYVB4YOG4fmtChQQi1kP/0bh9 5oOAifGnOy0O4GmPvzB/ivlLF09K6IQNaZMsISBD3Qf2uswzLzimZGeP0MpIm5b/0c8E pQ2+vc+XFGPfTQxhXjjtgU1+UnxO1O8+riQq1/545p+94f8b4378sEJJMJKWAReY6e7t DeYzafMJVsw8h8F38K8OtC83Nz19odILiTWa9CHJvg/b/pFDDknuZYD9JS3liUm0+RUO SJW547fZw7a2hwMVPYEvJrSYMfpb/CODAUfJ2UIuv6HkvEFzNCfdoFvXw0Q7D03X9+L2 IXcg== X-Received: by 10.112.128.226 with SMTP id nr2mr11182708lbb.17.1387837876509; Mon, 23 Dec 2013 14:31:16 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.6.68 with HTTP; Mon, 23 Dec 2013 14:30:36 -0800 (PST) In-Reply-To: <52B80A7F.1030509@php.net> References: <3014595E-B155-47F6-AC7B-71083D89525D@rouvenwessling.de> <52B7209C.2040802@ajf.me> <3EFE191D-2A93-47E9-805D-538950849C96@rouvenwessling.de> <52B80A7F.1030509@php.net> Date: Tue, 24 Dec 2013 07:30:36 +0900 X-Google-Sender-Auth: U6hgjZPCNFQ6uZJvpO2dK-80jvQ Message-ID: To: Joe Watkins Cc: "internals@lists.php.net" , =?UTF-8?Q?Rouven_We=C3=9Fling?= Content-Type: multipart/alternative; boundary=047d7b3a84c2a2a0ba04ee3b2f02 Subject: Re: [PHP-DEV] [RFC] Timing attack safe string comparison function From: yohgaki@ohgaki.net (Yasuo Ohgaki) --047d7b3a84c2a2a0ba04ee3b2f02 Content-Type: text/plain; charset=UTF-8 Hi all, On Mon, Dec 23, 2013 at 7:03 PM, Joe Watkins wrote: > I'm glad you read it as you did, I was kinda thinking out loud, > where I ended was my final conclusion that it may be worth while as a > complimentary tool in the hashing toolbox, and I'd prefer its name to > reflect that. I agree. It would be better named explicitly. "strcmp_secure()" or something like this would be good, as it could be used any security sensitive string comparison. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --047d7b3a84c2a2a0ba04ee3b2f02--