[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: identical input, different output?

On 12/5/14, Solar Designer <solar@openwall.com> wrote:

> Miscompiles are a thing.  This is a reason why I think runtime self-test
> of the full scrypt is desirable.  (I am planning on adding that to
> yescrypt as well.)  One aspect I haven't decided on yet is whether it's
> a good idea to have a self-test even in -ref code or not (since this
> goes against the simplicity goal for -ref).

I believe that *every* cryptographic function needs a run-time self
test, and that the self-test code and data must be in a separately
compiled source file to defend against moderately broken/malicious

(The way to detect lack of SSE/SSE2 support is to use the CPUID
instruction -- but even ‘reference’ code needs a self-test routine
called at run time.)

Robert Ransom