stackoom
  简体   繁体   中英

Are there other C standard library functions like memcmp that have timing side-channel risk?

 原文  2022-07-08 03:38:07       c/ memcmp/ c-standard-library/ timing-attack/ side-channel-attacks

Question

I found that memcmp() will return false earlier if the first byte is different in both strings, and I thought it has a timing attack risk. However, when I tried to find out if there were other functions that had side-channel risks like memcmp , I couldn't find any information.

1 answers

solution1
 2  2022-07-08 03:41:31

Yes. strcmp and friends all work the same way. If in the rare case you are timing attack sensitive you have to write all your own comparison loops. The compiler can quite often optimize them back into timing sensitive loops now too, so you end up compiling such files with -O0. I know, so sad.

Typically you don't have this problem because you compare hashes.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C timing memory access for side-channel attacks How to debug standard c library functions like printf? Are all functions in the c++ standard library required have external linkage? regular expression matching functions of standard C library Are functions in the C standard library thread safe? Where are the functions in the C standard library defined? Is there a JavaScript port of the functions in the C standard library? How to call c functions that call c standard library in nasm? Can functions from the C standard library be used in C++? What functions in the GNU C runtime library are in the standard library?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM