Re: streql - Constant-time string comparison
That would be an average time, surely, dependent on the strings being
compared.
On 30/10/14 14:46, Leslie S Satenstein wrote:
> Yes, the time could shorten. One could say that the time to compare strings would be (the average of all the string lengths to be compared)/2.
>
> Regards
> Leslie
> Mr. Leslie Satenstein
> Montréal Québec, Canada
>
>
>
> From: Riley Baird <BM-2cVqnDuYbAU5do2DfJTrN7ZbAJ246S4Xix@bitmessage.ch>
> To: Leslie S Satenstein <lsatenstein@yahoo.com>
> Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>; 765893@bugs.debian.org
> Sent: Wednesday, October 29, 2014 4:16 PM
> Subject: Re: streql - Constant-time string comparison
>
> On 30/10/14 01:34, Leslie S Satenstein wrote:
>> Hi Riley
>>
>> Suppose the strings are 10k bytes each (10240), but they differ at byte zero,
>> where is the break instruction to stop the compare?
>
> Why would there need to be a break instruction? That would mean that the
> time taken to compare strings of equal length would change depending on
> the length of the string, unless I'm mistaken.
>
>> The code needs an addition to the for loop as shown below.
>> In place of xor, the return of a comparison when non zero is encountered would allow one to know if string x < string y or the contrary.
>
> Sorry, but I don't understand what you mean. Why is it important to be
> able to know whether string x > string y or vice versa?
>
>
>
>> Regards
>> Leslie
>> Mr. Leslie Satenstein
>> Montréal Québec, Canada
>
>
>
>
>
Reply to: