chiark / gitweb /
~mdw / tripe / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d8fedf2) | patch
server: Compare MAC tags in constant time. 1.0.0pre13
authorMark Wooding <mdw@distorted.org.uk>
Mon, 27 May 2013 21:59:19 +0000 (22:59 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Mon, 27 May 2013 22:38:11 +0000 (23:38 +0100)
commit04ed79b8ad88991517755598c5e8872380ec3dde
treead3bba414abc41a04cb75eacfc64575098cc5488tree | snapshot
parentd8fedf21cc7f6ba61e77db21de0eb9892545d34fcommit | diff
server: Compare MAC tags in constant time.

This fixes a timing attack.  If an adversary can watch the timestamp on
the server's log, then it might be possible to determine how much of a
forged packet's MAC is invalid, and thereby figure out one byte at a
time.

This requires the new constant-time comparison function in Catacomb, so
update the dependencies.

This is release 1.0.0pre13.
configure.ac diff | blob | blame | history
debian/changelog diff | blob | blame | history
debian/control diff | blob | blame | history
server/chal.c diff | blob | blame | history
server/keyset.c diff | blob | blame | history
server/tripe.h diff | blob | blame | history
Trivial IP Encryption: a simple VPN