Re: Imminent bugfix release (1.97.1)

[Duboucher Thomas]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vladimir 'phcoder' Serbinenko a écrit :
> Bean wrote:
>> On Mon, Nov 9, 2009 at 9:50 PM, Vladimir 'phcoder' Serbinenko
>> <address@hidden> wrote:
>>   
>> Hi,
>>
>> int
>> grub_auth_strcmp (const char *s1, const char *s2)
>> {
>>   int ret;
>>   grub_uint64_t end;
>>
>>   end = grub_get_time_ms () + 100;
>>   ret = grub_strcmp (s1, s2);
>>
>>   /* This prevents an attacker from deriving information about the
>>      password from the time it took to execute this function.  */
>>   while (grub_get_time_ms () < end);
>>
>>   return ret;
>> }
>>
>> Isn't this 100 ms ? Anyway, the longest supported string is 1024 long,
>> I doubt there is any perceivable difference between them.
>>
>>   
> If attacker is on fast serial connection he could possibly measure the
> difference
> 

Hi,

        I'm not very confident in this piece of code. I would rather go with
something like

int
grub_auth_strcmp (const char *s1, const char *s2)
{
  int n;
  volatile int ret = 0;

  for (n = grub_strlen (s1); n >= 0; n--)
  {
    if (*s1 != *s2)
      ret |= 1;
    else
      ret |= 0;

    s1++; s2++;
  }

  return ret;
}

        Ok, I typed this in a few minutes and I'm not confident either with
what I wrote; I would check that it works first. ;)
        But the point here is that whatever the user gives as an input, it is
executed exactly n-th times, n being the length of the user input; and
that whatever the result of the 'if' statement is, the CPU realizes the
same amount of operations. By doing so, the attacker will only find out
how long it takes to make the comparison with a n caracters long input.

        Thomas.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkr4VWgACgkQBV7eXqefhqhcIQCgpviYSvNqGqH3fi2Td4QChsam
JWQAni9R7zOWFMGBu5X9rXWOjenIXx31
=vnph
-----END PGP SIGNATURE-----