[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is a constant time string compare necessary?

To: Laurens Van Houtven <_@lvh.io>
Subject: Re: Is a constant time string compare necessary?
From: Solar Designer <solar@openwall.com>
Date: Wed, 4 Dec 2013 03:32:48 +0400
Cc: scrypt@tarsnap.com
In-reply-to: <CAE_Hg6YNzr3fUPD52Zbj-VngrSGFd54PketWty1C3qQ6rDt0qA@mail.gmail.com>
References: <CAE_Hg6YNzr3fUPD52Zbj-VngrSGFd54PketWty1C3qQ6rDt0qA@mail.gmail.com>

On Tue, Dec 03, 2013 at 08:55:47PM +0100, Laurens Van Houtven wrote:
> When comparing the result of the scrypt KDF to a previously computed &
> stored value (say, in the context of a stored password), is it necessary to
> compare the two strings in constant time?

If the salts are large and are unpredictable by a remote attacker and
are stored only along with the hashes, no.

Alexander

References:
- Is a constant time string compare necessary?
  - From: Laurens Van Houtven <_@lvh.io>

Prev by Date: Is a constant time string compare necessary?
Next by Date: Re: [Cryptography] Why don't we protect passwords properly?
Previous by thread: Is a constant time string compare necessary?
Next by thread: Re: [Cryptography] Why don't we protect passwords properly?
Index(es):
- Date
- Thread