IETF Logo Mail Archive

Re: [quicwg/base-drafts] Perform stateless reset token comparisons in constant time (#2993)

Martin Thomson <notifications@github.com> Wed, 04 September 2019 06:05 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B9D9120090 for <quic-issues@ietfa.amsl.com>; Tue, 3 Sep 2019 23:05:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.454
X-Spam-Level:
X-Spam-Status: No, score=-6.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XgxKRl8rrLHK for <quic-issues@ietfa.amsl.com>; Tue, 3 Sep 2019 23:05:29 -0700 (PDT)
Received: from out-21.smtp.github.com (out-21.smtp.github.com [192.30.252.204]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2872712006F for <quic-issues@ietf.org>; Tue, 3 Sep 2019 23:05:29 -0700 (PDT)
Date: Tue, 03 Sep 2019 23:05:27 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1567577127; bh=lghXyfyHOIaqz/PlVgr+DpbRrxDpbtjlRBNnEYHWxIE=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=GN5DlcrX7FX9bqlbd3S89Hon5p1icxuS0u+nHWeqtQ99eT8WX+vZePuSn1GEChvLJ hwrTd62lxbzWGVHkOVed6ARITwUpxV/ffn+epYXnpr9MdluBr3v1QaNfvgHgGIIo3Q MHT5UsVaEX/c7OnyzoEzaZR8yVphyAQ3KynaUVSI=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+AFTOJKZTPLE5ROXQYLZFKZN3PR4JPEVBNHHBZ4IYAM@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/pull/2993/c527755292@github.com>
In-Reply-To: <quicwg/base-drafts/pull/2993@github.com>
References: <quicwg/base-drafts/pull/2993@github.com>
Subject: Re: [quicwg/base-drafts] Perform stateless reset token comparisons in constant time (#2993)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5d6f54278c183_6cd73fb5826cd96090834"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/63SS4oIAlx8haExGIGhTO0Y1etI>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 06:05:31 -0000

Rust has inbuilt defenses against hash flooding, and some languages have that built in.  Note that this is something that doesn't guarantee constant time over inputs, as that is generally not a design goal, though many schemes have that naturally.  Even then, the functions used might be trivially reversible.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/pull/2993#issuecomment-527755292

v2.29.0 | Report a Bug | By Email | System Status