-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Constant-time comparison: which approach is best? #20
Comments
Best approach is assembly, or using a dedicated function provided by the platform. When using a compiler, even more a JIT, there are no guarantees that it won't perform obvious optimizations. |
@jedisct1 I get your point, but my question is about the confines of a safe, managed .NET environment (ie. JIT, GC, and all the other attributes of NETFRAMEWORK & NETCORE). |
As @jedisct1 already pointed out, a platform-backed operation is probably a good choice. Since you already sprinkled some #ifdefs around, you can use CryptographicOperations.FixedTimeEquals on .NET Core 2.1. |
@henning-krause Does anyone know why Microsoft suddenly prefers |
@sdrapkin, in the link you provided, MS claims that Sub has the best constant-time execution. No proof for that, however.... |
Personally I don't trust code involving booleans or the Between substraction and xor I slightly prefer xor, since it never needs overflow checks, even when compiling with overflow checks enabled (which I often do).
It is special, because it's maintained by the same party as the JIT. So if a change to the JIT breaks the constant time guarantee of that function, they can (and should) adjust the function at the same time. IMO functions like this or secure zeroing should always be provided by the compiler maintainers, since they are the ones who can guarantee that they'll function correctly. The xoring the length part is silly IMO, I'd rather use an |
@CodesInChaos Interesting thoughts, thx. Personally, I don't trust preferences that infer trust based on slippery-slope of which team might hypothetically be maintaining what, and what hypothetically should happen in case of an issue. The engineer in me prefers The pragmatist in me prefers
It is the inconsistency of MS approach that I personally find the least trustworthy (ie. if |
Which approach is best?
AndEq
approach, used by internal and public Microsoft helpers:OrXor
approach (classic):OrSub
approach, recently advocated by Microsoft as the "better way" (no supporting evidence):Some other approach?
The text was updated successfully, but these errors were encountered: