Re: [VOTE] Timing attack safe string comparison function

From: Date: Mon, 03 Feb 2014 17:10:05 +0000
Subject: Re: [VOTE] Timing attack safe string comparison function
References: 1  Groups: php.internals 
On Sun, Feb 2, 2014 at 11:50 PM, Rouven Weßling <[email protected]> wrote:

> Hi internals,
>
> as I've received no further feedback I've opened the voting on "Timing
> attack safe string comparison function":
>
> - https://wiki.php.net/rfc/timing_attack
>
> Voting ends on 2014/02/09 11:00PM UTC
>
> Best regards
> Rouven
>

Did your code already get reviewed by someone with understanding of the
issue? From a quick glance, two potential issues:
 * You are using MAX, i.e. an if-then-else branch. I'm pretty sure that the
if and else branches will have different instruction counts in that case.
Simple alternative would be something fixed like mod_len = known_len+1 or
known_len&1.
 * You leak information on mod_len / known_len, because you will have
different cache access patterns for comparing always the same 10 memory
positions and 10000 different ones, at least I'd assume so.
I don't know how you can prevent the latter issue, and if it is possible at
all. Personally I'd just drop the length magic and explicitly document it
to be safe for equal-length strings only. In any case you should have this
reviewed by someone with more than just a cursory understanding of the
matter.

Nikita
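
The equal-length-only variant suggested in the message above could look like the following in C. This is an added example, not part of the original message and not the RFC's patch; the function name `ct_equal_same_len` and its signature are hypothetical, and the sample inputs in `main` are constructed.

```c
#include <stddef.h>

/*
 * Added illustration (hypothetical name and signature).
 * Contract: the two lengths are treated as public. Only the byte
 * contents of equal-length inputs are compared without data-dependent
 * branches or data-dependent memory access patterns.
 * Returns 1 when equal, 0 otherwise.
 */
int ct_equal_same_len(const unsigned char *known, size_t known_len,
                      const unsigned char *user, size_t user_len)
{
    /* volatile discourages the compiler from short-circuiting the loop */
    volatile unsigned char diff = 0;
    size_t i;

    /* Length is public by contract, so branching on it reveals nothing secret. */
    if (known_len != user_len) {
        return 0;
    }

    /* Visit every byte pair in order; OR together all differences. */
    for (i = 0; i < known_len; i++) {
        diff |= (unsigned char)(known[i] ^ user[i]);
    }

    /* Branch-free reduction: diff == 0 gives 1, diff in 1..255 gives 0. */
    return (int)(1u & (((unsigned int)diff - 1u) >> 8));
}

int main(void)
{
    /* Constructed sample values */
    const unsigned char a[] = "0123456789abcdef";
    const unsigned char b[] = "0123456789abcdeX";

    /* Exit status 0 when equal inputs match and differing inputs do not */
    return !(ct_equal_same_len(a, 16, a, 16) == 1 &&
             ct_equal_same_len(a, 16, b, 16) == 0);
}
```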

