Re: [CFRG] RSA PSS Salt Length for HTTP Message Signatures

Neil Madden <neil.e.madden@gmail.com> Sat, 29 May 2021 12:27 UTC

Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
From: Neil Madden <neil.e.madden@gmail.com>
In-Reply-To: <SY4PR01MB6251E99DBE130945AB7BCCADEE219@SY4PR01MB6251.ausprd01.prod.outlook.com>
Cc: Justin Richer <jricher@mit.edu>, IRTF CFRG <Cfrg@irtf.org>
Date: Sat, 29 May 2021 13:26:57 +0100
Message-Id: <E4751345-30E7-49ED-8044-2294E010FB4A@gmail.com>
References: <SY4PR01MB6251E99DBE130945AB7BCCADEE219@SY4PR01MB6251.ausprd01.prod.outlook.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fv0XWsh02bov7p8zIUvVFw8-bls>
Subject: Re: [CFRG] RSA PSS Salt Length for HTTP Message Signatures
Precedence: list

On 29 May 2021, at 10:22, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> 
> Neil Madden <neil.e.madden@gmail.com> writes:
> 
>> By this do you mean *constant-time* memcmp? Otherwise that seems something
>> quite easy to get wrong.
> 
> You're doing a memcmp() on known, public data, there's nothing to leak so no
> need for a constant-time memcmp().

I was thinking of the fault attack mitigation technique where you sign twice and compare. I guess you’re talking about verification instead. 

— Neil

[CFRG] RSA PSS Salt Length for HTTP Message Signa… Justin Richer
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Russ Housley
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Peter Gutmann
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Justin Richer
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… John Mattsson
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Justin Richer
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Richard Outerbridge
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Brian Smith
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Benjamin Kaduk
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Martin Thomson
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Peter Gutmann
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Salz, Rich
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Justin Richer
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Brian Smith
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Blumenthal, Uri - 0553 - MITLL
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Salz, Rich
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… denis bider
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Neil Madden
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Neil Madden
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Peter Gutmann
Re: [CFRG] RSA PSS Salt Length for HTTP Message S… Neil Madden