From: nikita.ppv@gmail.com (Nikita Popov)
To: Rouven Weßling
Cc: PHP internals
Date: Mon, 3 Feb 2014 18:10:05 +0100
Subject: Re: [PHP-DEV] [VOTE] Timing attack safe string comparison function

On Sun, Feb 2, 2014 at 11:50 PM, Rouven Weßling wrote:

> Hi internals,
>
> as I've received no further feedback I've opened the voting on "Timing
> attack safe string comparison function":
>
> - https://wiki.php.net/rfc/timing_attack
>
> Voting ends on 2014/02/09 11:00PM UTC
>
> Best regards
> Rouven
>

Did your code already get reviewed by someone with understanding of the issue? From a quick glance, two potential issues:

* You are using MAX, i.e. an if-then-else branch. I'm pretty sure that the if and else branches will have different instruction counts in that case. Simple alternative would be something fixed like mod_len = known_len+1 or known_len&1.
* You leak information on mod_len / known_len, because you will have different cache access patterns for comparing always the same 10 memory positions and 10000 different ones, at least I'd assume so.

I don't know how you can prevent the latter issue, and if it is possible at all. Personally I'd just drop the length magic and explicitly document it to be safe for equal-length strings only.

In any case you should have this reviewed by someone with more than just a cursory understanding of the matter.

Nikita
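The two designs discussed in the reply above, as an added C example (not the RFC's code and not code from this thread): an equal-length-only comparison, and a length-tolerant one that uses the fixed mod_len = known_len+1 in place of MAX. The function names, and the requirement that `known` has a readable byte at index known_len, are assumptions of this example.

```c
#include <limits.h>
#include <stddef.h>

/* Returns 1 if diff == 0, else 0, without a branch:
 * for any nonzero diff, (diff | -diff) has its top bit set. */
static int is_zero(size_t diff)
{
    size_t nonzero = (diff | ((size_t)0 - diff)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return (int)(nonzero ^ 1);
}

/* Variant A: equal-length inputs only. The length is treated as public;
 * the caller must reject mismatched lengths before calling. */
int ct_equal_fixed(const unsigned char *known, const unsigned char *user, size_t len)
{
    size_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (size_t)(known[i] ^ user[i]);   /* accumulate, never exit early */
    return is_zero(diff);
}

/* Variant B: tolerates unequal lengths. mod_len is known_len + 1 (no MAX,
 * no if/else); known[known_len] must be readable, e.g. a NUL terminator.
 * The loop runs user_len times, and which bytes of `known` are touched
 * still depends on known_len, which is the second concern in the reply. */
int ct_equal_any(const unsigned char *known, size_t known_len,
                 const unsigned char *user, size_t user_len)
{
    size_t mod_len = known_len + 1;
    size_t diff = known_len ^ user_len;          /* a length mismatch always fails */
    for (size_t i = 0; i < user_len; i++)
        diff |= (size_t)(known[i % mod_len] ^ user[i]);
    return is_zero(diff);
}
```
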