camoy
commented
10 months ago I did a quick test and this ticks function should be good enough for our purposes:
(define (ticks thk)
(define before (current-memory-use 'cumulative))
(thk)
(define after (current-memory-use 'cumulative))
(- after before))Just doing a couple experiments, if you correctly implement check-password without timing leaks, you'll get either exactly the same number of ticks or a few hundred off. The leaky version can have way more ticks in the worst case (can be like 2x more), so that's easily detectable.
dbp
We had an assignment last year, that I'd like to do in some form:
Here in the current version: (not a particularly stable url) https://courses.dbp.io/logics24/hw3a.html#(part._.Problem_3)
Essentially, they are given a not constant time password checking function, are asked to write a spec that verifies that, and then fix the code. Because timing really requires sampling, and I didn't have an easy way to do that, I simulated the time with a "clock tick" mutable ref. This meant, of course, they had to use specific functions that incremented that, but seemed to work okay.
Either we should figure out a better way of doing this (@camoy mentioned using allocations as a proxy for time, or really, change the problem to constant space; wonder if that still requires sampling), which maybe means having some ability to sample?
Or should just build in the same functionality as I had last year.