These six lines of code turn out to be ~<i>100 times slower</i> than the built-in .NET String.Equals function. I don't know why there is such a perf difference, but apparently .NET has some serious string equality check optimizations in their native code. Has anyone else compared the performance of their language's native string equality check function and this hand-written alternative?<div>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Thu, Jul 15, 2010 at 9:41 AM, Nate Lawson <span dir="ltr"><<a href="mailto:nate@rootlabs.com">nate@rootlabs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">James A. Donald wrote:<br>
> On 2010-07-15 2:45 PM, Nate Lawson wrote:<br>
>> Starting the compare at a random point is much more difficult and<br>
>> error-prone than implementing a constant-time compare function. Please<br>
>> see Taylor's original note, which included such a constant-time function.<br>
><br>
> The starting point of the compare only has to be unpredictable to the<br>
> attacker, rather than true random, so not so difficult.<br>
<br>
</div>We're talking 6 lines of code for the constant time implementation (not<br>
counting comments). I'll paste it again just to be clear:<br>
<div class="im"><br>
/*<br>
* Constant time compare for secret values.<br>
* Returns 0 if they are equal, non-zero if they aren't.<br>
*/<br>
int<br>
secret_cmp(uint8_t *a, uint8_t *b, size_t n)<br>
{<br>
int result = 0;<br>
<br>
// Catch bad programming case of zero length<br>
if (n == 0)<br>
return 1;<br>
<br>
// Compare all bytes of array, accumulating differences<br>
while (n--)<br>
result |= *a++ ^ *b++;<br>
<br>
return result != 0;<br>
}<br>
<br>
</div>I can't even imagine how a pseudorandom implementation can be as simple<br>
or obviously correct/secure. Please enlighten me.<br>
<div class="im"><br>
--<br>
Nate Lawson<br>
Root Labs :: <a href="http://www.rootlabs.com" target="_blank">www.rootlabs.com</a><br>
</div>+1 (510) 595-9505 / (415) 305-5638 mobile<br>
<div class="im">Solving embedded security, kernel and crypto challenges<br>
<br>
_______________________________________________<br>
</div><div><div></div><div class="h5">security mailing list<br>
<a href="mailto:security@lists.openid.net">security@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-security" target="_blank">http://lists.openid.net/mailman/listinfo/openid-security</a><br>
</div></div></blockquote></div><br></div>