Timing Attack Vulnerability
Brought to you by:
artyom-beilis
framework/trunk/src/hmac_encryptor.cpp
... bool ok = memcmp(&mac[0],cipher.c_str() + message_size,digest_size) == 0;
framework/branches/maintance_0_0_x/hmac_encryptor.cpp
... hash(&data.front()+16,data.size()-16,md5); if(!equal(data.begin(),data.begin()+16,md5)) return false;
Anonymous
Fixed in cs 2246
The chance of using it is virtually none, due to the fact that memcmp works on 4-byte blocks and that the noise would be so high in comparison to memcmp time...
But not to be paranoid
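The comparison pattern this ticket is about, shown as an added example (not CppCMS code and not the change made in cs 2246): a MAC check whose running time does not depend on where the first mismatching byte is. The names constant_time_equal and verify_trailing_mac and the sample values are hypothetical; the layout (MAC stored in the last digest_size bytes of cipher) follows the line quoted from hmac_encryptor.cpp.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical helper: compare n bytes with no early exit.
// memcmp and std::equal may return at the first differing byte (or word),
// so their timing can reveal how long the matching prefix is. Here every
// byte is read and the differences are OR-accumulated instead.
bool constant_time_equal(const void *a, const void *b, std::size_t n)
{
    // volatile discourages the compiler from short-circuiting the loop
    const volatile unsigned char *pa = static_cast<const volatile unsigned char *>(a);
    const volatile unsigned char *pb = static_cast<const volatile unsigned char *>(b);
    unsigned char diff = 0;
    for (std::size_t i = 0; i < n; ++i)
        diff = static_cast<unsigned char>(diff | (pa[i] ^ pb[i]));
    return diff == 0;
}

// Hypothetical wrapper mirroring the quoted check: `mac` is the value the
// receiver recomputed, and the received MAC is the tail of `cipher`.
bool verify_trailing_mac(const std::string &cipher,
                         const std::vector<unsigned char> &mac)
{
    const std::size_t digest_size = mac.size();
    // Lengths are not secret, so returning early on them leaks nothing.
    if (digest_size == 0 || cipher.size() < digest_size)
        return false;
    const std::size_t message_size = cipher.size() - digest_size;
    return constant_time_equal(mac.data(), cipher.data() + message_size, digest_size);
}

int main()
{
    // Constructed sample: 3-byte message followed by a 4-byte "MAC".
    const std::vector<unsigned char> mac = {0xde, 0xad, 0xbe, 0xef};
    const std::string cipher = std::string("msg") + std::string("\xde\xad\xbe\xef", 4);
    return verify_trailing_mac(cipher, mac) ? 0 : 1;
}
```

The same helper applies to the 16-byte MD5 comparison quoted from the maintance_0_0_x branch, with n = 16.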