On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo <kvalo@xxxxxxxxxxxxxx> wrote: > "Jason A. Donenfeld" <Jason@xxxxxxxxx> writes: > >> Whenever you're comparing two MACs, it's important to do this using >> crypto_memneq instead of memcmp. With memcmp, you leak timing information, >> which could then be used to iteratively forge a MAC. > > Do you have any pointers where I could learn more about this? While not using C specifically, this talks about the problem generally: https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html