Linux.com

Home News Software Linux Kernel Development Defeating Memory Comparison Timing Oracles (Red Hat Security Blog)

Defeating Memory Comparison Timing Oracles (Red Hat Security Blog)

Over at the Red Hat Security Blog, Florian Weimer looks at timing oracles in memory comparison functions and how to stop them. Timing oracles can allow attackers to extract keys or other secret data by timing code that compares input data to the secret. "Of course, there are other architectures (and x86 implementations), so we will have to perform further research to see if we can remove the timing oracle from their implementations at acceptable (read: zero) cost. For architectures where super-scalar, pipelined implementations are common, this is likely the case. But the GNU C library will probably not be a in a position to commit to an oracle-free memcmp by default (after all, future architectures might have different requirements). But I hope that we can promise that in -D_FORTIFY_SOURCE=2 mode, memcmp is oracle-free."

Read more at LWN
 

Comments

Subscribe to Comments Feed
  • osiztechnologies cryptocurrency exchange software Said:

    osiztechnologies bitcoin trading software

  • osiztechnologies cryptocurrency exchange software Said:

    osiztechnologies bitcoin trading software


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board