Re: identical input, different output?
On 12/5/14, Solar Designer <solar@openwall.com> wrote:
> Miscompiles are a thing. This is a reason why I think runtime self-test
> of the full scrypt is desirable. (I am planning on adding that to
> yescrypt as well.) One aspect I haven't decided on yet is whether it's
> a good idea to have a self-test even in -ref code or not (since this
> goes against the simplicity goal for -ref).

I believe that *every* cryptographic function needs a run-time self
test, and that the self-test code and data must be in a separately
compiled source file to defend against moderately broken/malicious
compilers.

(The way to detect lack of SSE/SSE2 support is to use the CPUID
instruction -- but even ‘reference’ code needs a self-test routine
called at run time.)

Robert Ransom
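
The run-time self-test discussed in this message, as an added example (not code from the post, scrypt or yescrypt), shown on the Salsa20 double round used inside scrypt's Salsa20/8 core. The file names, function names and the deliberately broken variant are hypothetical; one file stands in for two translation units, with the volatile vectors and volatile function pointer keeping the compiler from folding the check at build time.

```c
/* Added example; names are hypothetical. One file stands in for two units. */
#include <stdint.h>
#include <stdio.h>

/* ---- salsa_round.c: code under test (Salsa20 double round) ---- */
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
/* Quarter round; r1 is the first rotation count (7 in Salsa20). */
#define QR(a, b, c, d) (b ^= ROTL(a + d, r1), c ^= ROTL(b + a, 9), \
                        d ^= ROTL(c + b, 13), a ^= ROTL(d + c, 18))
static void rounds(uint32_t x[16], int r1) {
    QR(x[0], x[4], x[8], x[12]);  QR(x[5], x[9], x[13], x[1]);  /* columns */
    QR(x[10], x[14], x[2], x[6]); QR(x[15], x[3], x[7], x[11]);
    QR(x[0], x[1], x[2], x[3]);   QR(x[5], x[6], x[7], x[4]);   /* rows */
    QR(x[10], x[11], x[8], x[9]); QR(x[15], x[12], x[13], x[14]);
}
void salsa_doubleround(uint32_t x[16]) { rounds(x, 7); }
/* Constructed stand-in for a miscompiled build: one wrong rotation. */
void salsa_doubleround_broken(uint32_t x[16]) { rounds(x, 8); }

/* ---- salsa_selftest.c: vectors and checker, built separately ---- */
typedef void (*round_fn)(uint32_t x[16]);
/* doubleround(1, 0, ..., 0) from the Salsa20 specification. */
static const volatile uint32_t kat_in[16] = { 1 };
static const volatile uint32_t kat_out[16] = {
    0x8186a22d, 0x0040a284, 0x82479210, 0x06929051,
    0x08000090, 0x02402200, 0x00004000, 0x00800000,
    0x00010200, 0x20400000, 0x08008104, 0x00000000,
    0x20500000, 0xa0000040, 0x0008180a, 0x612a8020 };

/* Returns 0 if fn reproduces the known answer, -1 otherwise. */
int selftest(round_fn fn) {
    round_fn volatile call = fn;  /* opaque call: no inlining or folding */
    uint32_t x[16], diff = 0;
    for (int i = 0; i < 16; i++) x[i] = kat_in[i];
    call(x);
    for (int i = 0; i < 16; i++) diff |= x[i] ^ kat_out[i];
    return diff ? -1 : 0;
}

int main(void) {
    if (selftest(salsa_doubleround) != 0) {  /* fail closed at startup */
        fprintf(stderr, "self-test failed, refusing to run\n");
        return 1;
    }
    puts("self-test passed");
    return 0;
}
```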