Re: const time authentication in bozohttpd

[Lars Heidieker <lars%heidieker.de@localhost>]

On 06/26/2014 09:45 PM, Mindaugas Rasiukevicius wrote:
> Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:
>> On Wed, Jun 25, 2014 at 08:08:57PM +0100, Mindaugas Rasiukevicius wrote:
>>> "Terry Moore" <tmm%mcci.com@localhost> wrote:
>>>> Perhaps this is a silly comment; but wouldn't it be easier to simply
>>>> time stamp the incoming request, and then spin for any authentication
>>>> failure until a suitable fixed time has elapsed after the inbound
>>>> arrival? Or are you worried about local cache-interference attacks as
>>>> well? 
>>>
>>> Why fixed time?  Make it random time.
>>
>> Random noise can be filtered out moderately easy.
> 
> If you add it on top of the memcmp(), then yes.  Not if you make the total
> time random (take a timestamp from before the operation), just need ensure
> that it is above the upper bound.
> 

But just making the compare const runtime does the job of not leaking
any information about the compare, which is of use if the hash compare
is used in a different context.
Making the whole authentication-process bound by an random time seems to
me as good as making it bound by static time (both above the upper
bound) as both will hide any runtime differences.

just my 2 cents...


-- 
------------------------------------

Mystische Erklärungen:
Die mystischen Erklärungen gelten für tief;
die Wahrheit ist, dass sie noch nicht einmal oberflächlich sind.

   -- Friedrich Nietzsche
   [ Die Fröhliche Wissenschaft Buch 3, 126 ]