pions / srtp
41%
master: 41%

Repo Added 28 Jan 2019 02:51AM UTC

Files 13

Badge

Embed ▾

LAST BUILD ON BRANCH constant-time-compare
branch: constant-time-compare

CHANGE BRANCH
x

Reset

constant-time-compare

10--fix-out-of-bounds-access

issue-3

keying

master

optimize-generate-counter

optimize-new-ctr

optimize-session-auth-tag

optimize-write-rtp

read-buffer

session-alloc

update-rtcp

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.1.1

write-batch

pending completion

Build # 35

Build Type

Pull #7

travis-ci

Committed by

web-flow

Commit Message

Constant time comparison for auth verification

It's a subtle change. Get it?

Timing attacks rely on measuring the amount of time it takes for an
operation to complete. The idea is that programs will break out early on
error, and sometimes it can be abused.

In this case, an attacker could measure the time it takes to verify an
256 auth tags, each one starting with a different byte. `bytes.Equal`
will immediately return false if the first byte is wrong, otherwise
check the next byte and so on. This means that just one of the auth tags
will take longer than the rest, because the first byte will match.
You can repeat the process until you figure out the correct auth tag.

Pull Request Pull Request #7: Use constant time comparison for auth verification

Run Details

1 of 1 new or added line in 1 file covered. (100.0%)

302 of 741 relevant lines covered (40.76%)

10.94 hits per line

Relevant lines Covered

741 RELEVANT LINES 302 COVERED LINES

10.94 HITS PER LINE

Source Files on constant-time-compare

Coverage	∆	File	Lines	Relevant	Covered	Missed	Hits/Line

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
35	constant-time-compare	Constant time comparison for auth verification It's a subtle change. Get it? Timing attacks rely on measuring the amount of time it takes for an operation to complete. The idea is that programs will break out early on error, and sometimes it can...	Pull #7	16 Feb 2019 05:06AM UTC	web-flow	travis-ci	pending completion
34	constant-time-compare	Use constant time comparison for auth verification It's a subtle change. Get it? Timing attacks rely on measuring the amount of time it takes for an operation to complete. The idea is that programs will break out early on error, and sometimes it...	Pull #7	16 Feb 2019 05:05AM UTC	web-flow	travis-ci	pending completion
33	constant-time-compare	Constant time comparison for auth verification It's a subtle change. Get it? Timing attacks rely on measuring the amount of time it takes for an operation to complete. The idea is that programs will break out early on error, and sometimes it can...	push	16 Feb 2019 04:54AM UTC	kixelated	travis-ci	pending completion
32	constant-time-compare	Use constant time comparison for auth verification It's a subtle change. Get it? Timing attacks rely on measuring the amount of time it takes for an operation to complete. The idea is that programs will break out early on error, and sometimes it...	push	16 Feb 2019 04:40AM UTC	kixelated	travis-ci	pending completion

See All Builds (96)

pions / srtp
41%
master: 41%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on constant-time-compare

Recent builds

pions / srtp 41% master: 41%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on constant-time-compare

Recent builds

pions / srtp
41%
master: 41%

README BADGES
x

CHANGE BRANCH
x