[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: identical input, different output?

To: Solar Designer <solar@openwall.com>
Subject: Re: identical input, different output?
From: Arnold Reinhold <agr@me.com>
Date: Tue, 09 Dec 2014 08:27:56 -0500
Cc: Robert Ransom <rransom.8774@gmail.com>, Colin Percival <cperciva@tarsnap.com>, scrypt@tarsnap.com
In-reply-to: <20141206003551.GA11044@openwall.com>
References: <7AE9DD36-A667-4B8D-B2E1-FF781E28D995@lyndir.com> <54800408.8060905@tarsnap.com> <90a1f03fd091607c039a8c7e6133145e.squirrel@lelantoss7bcnwbv.onion> <5482147B.1050405@tarsnap.com> <20141205224752.GA10646@openwall.com> <20141205231228.GA10829@openwall.com> <CABqy+srZ6Ci-09J41t_eHMb+H7XS6-2Mp+p+tkZnDB50=1YdXw@mail.gmail.com> <20141206003551.GA11044@openwall.com>

> On Dec 5, 2014, at 7:35 PM, Solar Designer <solar@openwall.com> wrote:
...
> When using intrinsics, CPUID is a safer bet against compiler
> optimizations, but we'd have to use #ifdef's to choose the intrinsic
> that the current compiler supports (and what if know no CPUID intrinsic
> for the current compiler?)  If we resort to inline asm, we can as well
> put a suitable SSE2 instruction in there (to trigger crash on pre-SSE2),
> which is simpler (just one instruction), safer (no dependency on the
> caller's return value check), and more consistent (the code might have
> SSE2 instructions before that point, depending on compiler and other
> parts of the program, so a belated CPUID check feels a bit silly).
> 
> Alexander

I'd like to suggest third alerting option besides returning an error code that could be ignored or crashing the system: If a self-check fails, in addition to returning an error code, return a random value as the scrypt hash output. This would fail safe by preventing validation of credentials by the faulty code, a lapse that would be quickly detected in practice. The C library rand function, seeded by date and time (srand (time(NULL));) would be good enough for this, so there should be no platform dependencies.

Arnold Reinhold

Follow-Ups:
- Re: identical input, different output?
  - From: Ray Callaghan <callaghan.r@gmail.com>

References:
- identical input, different output?
  - From: Maarten Billemont <lhunath@lyndir.com>
- Re: identical input, different output?
  - From: Colin Percival <cperciva@tarsnap.com>
- Re: identical input, different output?
  - From: danielw@emaildoge.com
- Re: identical input, different output?
  - From: Colin Percival <cperciva@tarsnap.com>
- Re: identical input, different output?
  - From: Solar Designer <solar@openwall.com>
- Re: identical input, different output?
  - From: Solar Designer <solar@openwall.com>
- Re: identical input, different output?
  - From: Robert Ransom <rransom.8774@gmail.com>
- Re: identical input, different output?
  - From: Solar Designer <solar@openwall.com>

Prev by Date: Re: identical input, different output?
Next by Date: Re: identical input, different output?
Previous by thread: Re: identical input, different output?
Next by thread: Re: identical input, different output?
Index(es):
- Date
- Thread