lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5595d4bc-a43e-7a89-eb86-fa77556cd7af@broadcom.com>
Date:   Mon, 12 Jun 2017 09:33:24 +0200
From:   Arend van Spriel <arend.vanspriel@...adcom.com>
To:     Emil Lenngren <emil.lenngren@...il.com>,
        Emmanuel Grumbach <egrumbach@...il.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Kalle Valo <kvalo@...eaurora.org>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        LKML <linux-kernel@...r.kernel.org>,
        "kernel-hardening@...ts.openwall.com" 
        <kernel-hardening@...ts.openwall.com>,
        Anna Schumaker <anna.schumaker@...app.com>,
        David Howells <dhowells@...hat.com>,
        David Safford <safford@...ibm.com>,
        "David S. Miller" <davem@...emloft.net>,
        Gilad Ben-Yossef <gilad@...yossef.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Gustavo Padovan <gustavo@...ovan.org>,
        "J. Bruce Fields" <bfields@...ldses.org>,
        Jeff Layton <jlayton@...chiereds.net>,
        Johan Hedberg <johan.hedberg@...il.com>,
        Johannes Berg <johannes@...solutions.net>,
        Marcel Holtmann <marcel@...tmann.org>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        Trond Myklebust <trond.myklebust@...marydata.com>,
        keyrings@...r.kernel.org,
        Bluez mailing list <linux-bluetooth@...r.kernel.org>,
        "open list:NFS, SUNRPC, AND..." <linux-nfs@...r.kernel.org>,
        linux-wireless <linux-wireless@...r.kernel.org>,
        Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

On 6/11/2017 11:30 PM, Emil Lenngren wrote:
> 2017-06-11 22:48 GMT+02:00 Emmanuel Grumbach <egrumbach@...il.com>:
>> On Sun, Jun 11, 2017 at 4:36 PM, Kees Cook <keescook@...omium.org> wrote:
>>>
>>> On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo <kvalo@...eaurora.org> wrote:
>>>> "Jason A. Donenfeld" <Jason@...c4.com> writes:
>>>>
>>>>> Whenever you're comparing two MACs, it's important to do this using
>>>>> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
>>>>> which could then be used to iteratively forge a MAC.
>>>>
>>>> Do you have any pointers where I could learn more about this?
>>>
>>> While not using C specifically, this talks about the problem generally:
>>> https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html
>>>
>>
>> Sorry for the stupid question, but the MAC address is in plaintext in
>> the air anyway or easily accessible via user space tools. I fail to
>> see what it is so secret about a MAC address in that code where that
>> same MAC address is accessible via myriads of ways.
> 
> I think you're mixing up Media Access Control (MAC) addresses with
> Message Authentication Code (MAC). The second one is a cryptographic
> signature of a message.

While this may be obvious to those who are in the know this mixup is 
easily made outside the crypto domain and especially in the (wireless) 
networking domain (my mind wandered towards the same error path). As 
this series is touching stuff outside crypto it is good to be explicit 
and not use such abbreviations that can be misinterpreted. The article 
Kees referred to is also useful to get into the proper context here and 
at least worth mentioning this or other useful references in the cover 
letter.

Regards,
Arend

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ