Closed yoursunny closed 2 years ago
Compare digests in non-constant-time == bad.
Moreover, bytes.EqualFold
would treat 0x41 and 0x61 as equal (it's Unicode case insensitive comparison), which is definitely wrong.
Compare digests in non-constant-time == bad.
In some cases, yes. Not here, afaics. There is no secret information to be leaked. But you haven't answered the question.
Moreover,
bytes.EqualFold
would treat 0x41 and 0x61 as equal (it's Unicode case insensitive comparison), which is definitely wrong.
Well, that's irrelevant to the "constant time" discussion. Just use Equal
instead of EqualFold
.
What's the argument against using a constant time algorithm? Performance difference is negligible.
This PR is an improvement because it fixes bugs and adds tests.
What's the argument against using a constant time algorithm? Performance difference is negligible.
Right. So let's add constant time comparisons EVERYWHERE. Let me open a PR for that...
yay! 🎉 cargo cult ""security""! 🤦
Well, I don't really care side channel attack. But since this fixes EqualFold
problem and the performance cost is negligible, I think it should be merged. This does not mean I want to do constant time comparisons everywhere.
The EqualFold
bug has been there for months... now you suddenly felt the urge to fix it this very second, even though a better fix had already been suggested? Even then, the commit message is wrong, as it misrepresents the nature of the problem.
I think I shouldn't discourage people by rejecting a useful PR, given that we do lack of human powers.
If ConstantTimeCompare
is harmful, I can patch it with another commit changing it back to Equal
.
YaNFD has not reached its first stable release, so I think this is acceptable.
Actually just several months back, I merged a commit from Yash that even does not compile (the TCP unicast face one). I added a patch to make it work.
Who said anything about rejecting... PRs can be amended though...
OK. Thank you for your comments. I will consider that next time.
Why? What's the attack scenario? There are no secrets here.