RFR: 8293779: redundant checking in AESCrypt.makeSessionKey() method [v3]

Xue-Lei Andrew Fan xuelei at openjdk.org
Thu Sep 15 05:34:45 UTC 2022


On Thu, 15 Sep 2022 05:21:52 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

>> Speaking of MessageDigest.isEqual, we don't need constant time comparison here. We could use Arrays.equals for some extra performance.
>
> Actually, never mind that. We need constant time comparison to avoid leaking information about differences between old and new key. Sorry for the noise.

@djelinski If both styles (w/o constant-time operations) get used in the code, it may take time to analysis the potential secret leaking issues for code readers until there is a clear comment.  As may add additional human and maintenance cost, which may be as expensive as the computer cost, especially when something goes wrong.  So normally, I prefer to constant-time operations for secret informations, no matter if the operations expose to attacking surfaces or not.  Just my $.02.

-------------

PR: https://git.openjdk.org/jdk/pull/10263


More information about the security-dev mailing list