Robert Millan wrote:
> On Mon, Nov 09, 2009 at 06:46:16PM +0100, Duboucher Thomas wrote:
>   
>> 	Ok, I typed this in a few minutes and I'm not confident either with
>> what I wrote; I would check that it works first. ;)
>> 	But the point here is that whatever the user gives as an input, it is
>> executed exactly n-th times, n being the length of the user input; and
>> that whatever the result of the 'if' statement is, the CPU realizes the
>> same amount of operations. By doing so, the attacker will only find out
>> how long it takes to make the comparison with a n caracters long input.
>>     
>
> Actually, modern CPUs are very complex and the number of operations (or
> time taken by them) isn't easy to predict.
>
>   
It's generally a good practice to do exactly same operations
independently of result just store the result in a separate variable
it's how RSA is correctly implemented

  for (n = grub_strlen (s1); n >= 0; n--)
  {
    if (*s1 != *s2)
      ret |= 1;
    else
      ret |= 0;

    s1++; s2++;

  }

It's pproximately how my first attempt worked and it had this bug. If
you can propose a good and tested code of this kind I would be ok with it


-- 
Regards
Vladimir 'phcoder' Serbinenko