Date: Mon, 9 Nov 2009 19:10:10 +0100
From: Robert Millan
To: The development of GNU GRUB
Subject: Re: Imminent bugfix release (1.97.1)
Message-ID: <20091109181010.GA7372@thorin>
In-Reply-To: <4AF85568.7080105@duboucher.eu>
References: <20091109010422.GA23417@thorin> <4AF81E2C.2090700@gmail.com> <4AF82868.6090803@gmail.com> <4AF85568.7080105@duboucher.eu>

On Mon, Nov 09, 2009 at 06:46:16PM +0100, Duboucher Thomas wrote:
>
> Ok, I typed this in a few minutes and I'm not confident either with
> what I wrote; I would check that it works first. ;)
> But the point here is that whatever the user gives as an input, it is
> executed exactly n times, n being the length of the user input; and
> that whatever the result of the 'if' statement is, the CPU realizes the
> same amount of operations. By doing so, the attacker will only find out
> how long it takes to make the comparison with an n-character-long input.

Actually, modern CPUs are very complex and the number of operations (or time
taken by them) isn't easy to predict.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."
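
The comparison described in the quoted message, as an added example that is not part of the original thread and not GRUB's code: the loop runs once per input byte and folds each difference into an accumulator instead of branching on it, shown beside an early-exit comparison. The function names and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison: strcmp stops at the first mismatching byte, so
   the running time depends on how many leading bytes of the guess match. */
int leaky_equal(const char *input, const char *secret)
{
    return strcmp(input, secret) == 0;
}

/* Hypothetical helper: exactly one iteration per input byte and no branch
   on the secret's bytes. Returns 1 on match, 0 otherwise. */
int fixed_work_equal(const char *input, size_t input_len,
                     const char *secret, size_t secret_len)
{
    /* A length mismatch is recorded in the accumulator, not returned early.
       volatile discourages the compiler from short-circuiting the loop. */
    volatile unsigned char diff = (unsigned char)(input_len != secret_len);
    size_t i;

    for (i = 0; i < input_len; i++) {
        /* Wrap the index so an over-long input never reads past the
           secret buffer; an empty secret compares against zero bytes. */
        size_t j = secret_len ? i % secret_len : 0;
        unsigned char s = secret_len ? (unsigned char)secret[j] : 0;
        diff |= (unsigned char)((unsigned char)input[i] ^ s);
    }
    return diff == 0;
}

int main(void)
{
    const char *secret = "grub-pass";           /* constructed sample */
    const char *guesses[] = { "grub-pass", "grub-pasx", "xrub-pass",
                              "grub-passgrub-pass", "" };
    size_t k;

    for (k = 0; k < sizeof guesses / sizeof guesses[0]; k++)
        printf("%-20s leaky=%d fixed=%d\n", guesses[k],
               leaky_equal(guesses[k], secret),
               fixed_work_equal(guesses[k], strlen(guesses[k]),
                                secret, strlen(secret)));
    return 0;
}
```

As the reply points out, equal work at the source level does not guarantee equal time on a real CPU, so this narrows the timing signal rather than proving its absence.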