Write and use constant-time comparison functions
| Reported by: | rransom | Owned by: | nickm |
| Cc: | desnacked@…, iang@… | Actual Points: | |
We should have constant-time comparison functions available in Tor, and use them whenever we compare cryptographic values or passwords.
We probably don't need to do all of our comparisons of digests in constant time, but once we have constant-time comparison functions around, it will be easier to use them than to convince ourselves that we don't need to in any particular spot.
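A sketch of the kind of comparison functions the ticket asks for, added here as an example; it is not Tor's code and not part of the ticket. The names `ct_mem_eq` and `ct_mem_cmp` are hypothetical and the digest bytes are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Tor's API): returns 1 if the n bytes at a and b
 * are equal, else 0. Every byte is always read, so the running time depends
 * only on n, not on the position of the first mismatch. */
int ct_mem_eq(const void *a, const void *b, size_t n)
{
    const volatile uint8_t *x = a, *y = b;
    uint32_t diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (uint32_t)(x[i] ^ y[i]);  /* OR together all differing bits */
    /* diff is 0..255; (diff - 1) >> 8 has its low bit set only if diff == 0 */
    return (int)(((diff - 1) >> 8) & 1);
}

/* Hypothetical helper: memcmp()-style ordering (<0, 0, >0) without an early
 * exit. Walks from the last byte to the first so the lowest-index difference
 * is the one left in result; selection is done with a mask, not a branch. */
int ct_mem_cmp(const void *a, const void *b, size_t n)
{
    const volatile uint8_t *x = a, *y = b;
    int32_t result = 0;
    size_t i = n;

    while (i--) {
        int32_t delta = (int32_t)x[i] - (int32_t)y[i];       /* -255..255 */
        /* nonzero = 1 when delta != 0: delta or -delta has the sign bit set */
        uint32_t nonzero = ((uint32_t)delta | (uint32_t)-delta) >> 31;
        int32_t mask = -(int32_t)nonzero;                    /* 0 or all ones */
        result = (result & ~mask) | (delta & mask);
    }
    return result;
}

int main(void)
{
    /* Constructed sample values standing in for two 8-byte digests. */
    const uint8_t expected[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};
    const uint8_t received[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x05};

    printf("equal: %d\n", ct_mem_eq(expected, received, sizeof expected));
    printf("order: %d\n", ct_mem_cmp(expected, received, sizeof expected));
    return 0;
}
```

An optimizing compiler can still rewrite such loops, so the generated assembly is worth checking on each target.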
Change History (33)
comment:28 Changed 5 years ago by nickm
- Owner changed from ioerror to nickm
- Status changed from needs_review to accepted
comment:30 Changed 5 years ago by arma
- Milestone changed from Tor: 0.2.1.x-final to Tor: 0.2.3.x-final
comment:31 Changed 5 years ago by nickm
- Resolution set to fixed
- Status changed from accepted to closed