Re: [Haskell-cafe] Tor project

A comparision would be interesting though. I'm aware of constant time implementations of cryptographic functions to reduce timing issues, but these are often coded in C or ASM - I have no clue if this would be possible in a functional language, as the compiler has to know not to optimize for short cuts or anything in the code? On 08/01/2014 02:05 AM, Dario Bertini wrote:

On Thu, Jul 31, 2014 at 2:11 PM, Wojtek Narczyński wrote:

...

But, AFAIK, the (necessary and sufficient) protection against timing attacks is the addition of randomized waits. In the protocol layer, not in pure encryption/decryption/hashing routines.

I agree that we don't have a lot of evidence for/against timing attacks in functional languages (that I know of).

But adding a randomized delay never seemed the correct solution to me (granted, I had the luck to never had to write code sensitive to such issues, and I never wrote a timing attack exploit either), I don't think that doing it in the protocol layer makes it neither necessary nor sufficient.

http://rdist.root.org/2010/01/07/timing-independent-array-comparison/

This explains the pitfalls in some possible timing attack misconceptions