Re: [PATCH v2] memcmp.3: Recast security caveat

Hi Branden,

On 2023-07-30 17:31, G. Branden Robinson wrote:
> Use terminology more carefully.
> 
> * Refer to the info sec property of confidentiality instead of saying,
>   vaguely, "security-critical".
>     https://informationsecurity.wustl.edu/items/\
>     confidentiality-integrity-and-availability-the-cia-triad/
> * Try not to confuse anyone who's studied the analysis of algorithms:
>   don't say "constant time" when "deterministic time" is meant.  The
>   time to perform the memory comparison remains linear (O(n)), not
>   constant (O(1)).
> * Tighten wording.

I prefer 2 spaces between the bullet and the list contents.  See
man-pages(7).  Anyway, I accepted it this time.  :)


> 
> Signed-off-by: G. Branden Robinson <g.branden.robinson@xxxxxxxxx>

You need to quote your name with '"' due to the '.'.  I've found
some software has issues with it.  git-send-email(1) is one of them
(due to the perl library it uses).

Anyway, patch applied.  Thanks!

Cheers,
Alex

> ---
>  man3/memcmp.3 | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/man3/memcmp.3 b/man3/memcmp.3
> index 9a2aad353..67ebe392e 100644
> --- a/man3/memcmp.3
> +++ b/man3/memcmp.3
> @@ -67,9 +67,17 @@ .SH HISTORY
>  .SH CAVEATS
>  Do not use
>  .BR memcmp ()
> -to compare security critical data, such as cryptographic secrets,
> -because the required CPU time depends on the number of equal bytes.
> -Instead, a function that performs comparisons in constant time is required.
> +to compare confidential data,
> +such as cryptographic secrets,
> +because the CPU time required for the comparison
> +depends on the contents of the addresses compared,
> +this function is subject to timing-based side-channel attacks.
> +In such cases,
> +a function that performs comparisons in deterministic time,
> +depending only on
> +.I n
> +(the quantity of bytes compared)
> +is required.
>  Some operating systems provide such a function (e.g., NetBSD's
>  .BR consttime_memequal ()),
>  but no such function is specified in POSIX.
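
Review bot: The added clause starting at "because the CPU time required for the comparison" runs straight into "this function is subject to timing-based side-channel attacks" with only a comma, so it is unclear whether "because" explains the prohibition or the exposure. Ending the first sentence after "such as cryptographic secrets" and opening the next with "Because the CPU time required ..." would remove the splice. In the same hunk, "the contents of the addresses compared" would be more accurate as the contents of the memory areas compared, and the parenthetical ending "(the quantity of bytes compared)" needs a closing comma before "is required" to match the comma after "deterministic time".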

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
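
An added illustration, not part of the message above or of the man-pages patch: the commit message's distinction between constant time and time that depends only on n, shown in C with a step counter standing in for CPU time. The function names, the struct and the sample bytes are constructed for this example; production code should call a vetted primitive such as the consttime_memequal() named in the patch.

```c
#include <stddef.h>
#include <stdio.h>

struct cmp_result {
    int equal;      /* 1 if all n bytes match */
    size_t steps;   /* bytes examined: a stand-in for CPU time */
};

/* Early-exit loop: the data-dependent behaviour the CAVEATS text warns about. */
struct cmp_result early_exit_cmp(const void *a, const void *b, size_t n)
{
    const unsigned char *pa = a, *pb = b;
    struct cmp_result r = { 1, 0 };
    for (size_t i = 0; i < n; i++) {
        r.steps++;
        if (pa[i] != pb[i]) {
            r.equal = 0;
            break;          /* work done now depends on the contents */
        }
    }
    return r;
}

/* Fixed-work loop: still O(n), but the work depends only on n.
 * volatile discourages the compiler from reintroducing an early exit. */
struct cmp_result fixed_work_cmp(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    struct cmp_result r = { 1, 0 };
    for (size_t i = 0; i < n; i++) {
        r.steps++;
        diff |= (unsigned char)(pa[i] ^ pb[i]);  /* accumulate, never branch */
    }
    r.equal = (diff == 0);
    return r;
}

int main(void)
{
    /* Constructed sample data: an 8-byte secret and three inputs. */
    const char secret[] = "S3cr3tK9";
    const char *inputs[] = { "XXXXXXXX", "S3cr3XXX", "S3cr3tK9" };
    for (size_t i = 0; i < 3; i++) {
        struct cmp_result e = early_exit_cmp(secret, inputs[i], 8);
        struct cmp_result f = fixed_work_cmp(secret, inputs[i], 8);
        printf("%s early=%zu/%d fixed=%zu/%d\n", inputs[i], e.steps, e.equal, f.steps, f.equal);
    }
    return 0;
}
```

The early-exit step count tracks the length of the matching prefix, while the fixed-work count is always n regardless of where the inputs differ.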
