Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751880AbdFKINM (ORCPT ); Sun, 11 Jun 2017 04:13:12 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:53640 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751725AbdFKINJ (ORCPT ); Sun, 11 Jun 2017 04:13:09 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 4A71D609FB Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=kvalo@codeaurora.org From: Kalle Valo To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Anna Schumaker , David Howells , David Safford , "David S. Miller" , Gilad Ben-Yossef , Greg Kroah-Hartman , Gustavo Padovan , "J. Bruce Fields" , Jeff Layton , Johan Hedberg , Johannes Berg , Marcel Holtmann , Mimi Zohar , Trond Myklebust , keyrings@vger.kernel.org, linux-bluetooth@vger.kernel.org, linux-nfs@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org Subject: Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important References: <20170610025912.6499-1-Jason@zx2c4.com> Date: Sun, 11 Jun 2017 11:13:01 +0300 In-Reply-To: <20170610025912.6499-1-Jason@zx2c4.com> (Jason A. Donenfeld's message of "Sat, 10 Jun 2017 04:59:06 +0200") Message-ID: <878tkzq6wi.fsf@purkki.adurom.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 329 Lines: 10 "Jason A. Donenfeld" writes: > Whenever you're comparing two MACs, it's important to do this using > crypto_memneq instead of memcmp. With memcmp, you leak timing information, > which could then be used to iteratively forge a MAC. Do you have any pointers where I could learn more about this? -- Kalle Valo