Re: [tor-dev] memcmp() & co. timing info disclosures?

2011-05-06 Thread Chris Palmer
On May 6, 2011, at 10:25 PM, Robert Ransom wrote: > I would expect GCC (and most other C compilers) to use a > non-constant-time implementation of (v1 == v2). Are there machines that implement uint8_t comparison in a data-dependent way? What's an example? -- Chris Palmer Technolo

Re: [tor-dev] memcmp() & co. timing info disclosures?

2011-05-06 Thread Chris Palmer
O0, in case that helps. -- Chris Palmer Technology Director, Electronic Frontier Foundation https://www.eff.org/code ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] memcmp() & co. timing info disclosures?

2011-05-06 Thread Chris Palmer
On May 6, 2011, at 8:53 PM, Robert Ransom wrote: >> int memcmp(const void *m1, const void *m2, size_t n) >> { >> /*XXX I don't know if this is even right; I haven't tested it at all */ >> const uint8_t *b1 = m1, *b2 = m2; >> int retval = 0; >> >> while (n--) { >>const uint8_t v1 = b1[n], v

Re: [tor-dev] memcmp() & co. timing info disclosures?

2011-05-06 Thread Chris Palmer
On May 6, 2011, at 5:08 PM, Jacob Appelbaum wrote: > We can > #define over memcmp but I fear that it's better to specifically > eradicate each one by hand and really think things over on a case by > case basis. FWIW, I agree. Nice work, Marsh! -- Chris Palmer Technology Dir

Re: [tor-dev] SSL Observatory Observations

2011-02-25 Thread Chris Palmer
ng at two things: -- Chris Palmer Technology Director, Electronic Frontier Foundation ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] xxx-draft-spec-for-TLS-normalization.txt

2011-02-21 Thread Chris Palmer
world, of which those CPE things like printers and routers are just a subset, seems reasonable. I don't know if it's possible to do better than to "just sort of look like a web server with a self-signed cert". -- Chris Palmer Technology Director, Electronic Frontier Foun