[tor-dev] memcmp() & co. timing info disclosures?

Chris Palmer chris at eff.org
Sat May 7 05:56:31 UTC 2011

On May 6, 2011, at 10:35 PM, Marsh Ray wrote:

> Of course, we could always just compute SHA-256 hashes of each side and then compare those, right? :-)

Yes, Brad Hill suggested that (in a Java/C# context). Nate Lawson didn't like it on performance grounds, but I don't recall hearing any correctness-related complaints.


You could use the volatile sledgehammer, and then use a unit test to make sure that it remains working over time. And/or you could put it in its own file, and compile it with -O0, in case that helps.

Chris Palmer
Technology Director, Electronic Frontier Foundation

More information about the tor-dev mailing list