Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 28 May 2023 16:13:18 +0600
From: NRK <nrk@...root.org>
To: musl@...ts.openwall.com
Subject: Re: [C23 string conversion 1/3] C23: add the new
 memset_explicit function

Hi Jens,

On Fri, May 26, 2023 at 11:25:43AM +0200, Jens Gustedt wrote:
> By having a slow bytewise copy, we intent also to have predictable
> timing, such that we can avoid side-channel attacks.

I don't believe `volatile` provides any guarantee of emitting
constant-time operations (which can be CPU dependent). But even if it
happens to work out in practice, from a user/non-cryptographer's
perspective, I feel like claims like "avoiding side-channel attacks"
needs much more substantiation than just slapping a `volatile` on top of
a pointer.

But as I've said, not a cryptographer, so please *do* correct me if I'm
wrong or am being unnecessarily paranoid.

P.S: even if the claim is correct, other major implementation would also
have to agree to provide such guarantee in a documented manner for this
to be useful to the users. Otherwise, users will have to resort to
hard-coded libc checks or simply not rely on this property at all.

- NRK

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.