Hi all,
It could be optimized a little since 256 is too much for now.
How about make MAX returns max of 3 values?
len = MAX(known_len, user_len, 64);
On Tue, Feb 4, 2014 at 1:06 PM, Yasuo Ohgaki <[email protected]> wrote:
> + /**
> + * If known_string has a length of 0 we set the length to 1,
> + * this will cause us to compare all bytes of userString with the null
> byte which fails
> + */
> + mod_len = MAX(known_len, 1);
> len = MAX(known_len, 256);
>
len = MAX(known_len, user_len, 64);
> +
> + /* This is security sensitive code. Do not optimize this for speed. */
> + result = known_len - user_len;
>
> + for (j = 0; j < user_len; j++) {
>
> for (j = 0; j < len; j++) {
>
>
> + result |= known_str[j % mod_len] ^ user_str[j];
>
> result |= known_str[j % known_len] ^ user_str[j % user_len];
> + }
>
64 is long enough for SHA-256 and if parameter is longer than that it will
be used.
Even if user used it to compare 'raw password', they are protected well
from timing
attack.
Regards,
--
Yasuo Ohgaki
[email protected]