1
41%
master: 41%

Ran 16 Feb 2019 05:06AM UTC

Files 10

Run time 1s

Badge

Embed ▾

Committed 16 Feb 2019 04:51AM UTC coverage: 40.756%. Remained the same

Job # GO111MODULE=on

Build Type

Pull #7

travis-ci

Committed by

web-flow

Commit Message

Constant time comparison for auth verification

It's a subtle change. Get it?

Timing attacks rely on measuring the amount of time it takes for an
operation to complete. The idea is that programs will break out early on
error, and sometimes it can be abused.

In this case, an attacker could measure the time it takes to verify an
256 auth tags, each one starting with a different byte. `bytes.Equal`
will immediately return false if the first byte is wrong, otherwise
check the next byte and so on. This means that just one of the auth tags
will take longer than the rest, because the first byte will match.
You can repeat the process until you figure out the correct auth tag.

Pull Request Pull Request #7: Use constant time comparison for auth verification

Run Details

302 of 741 relevant lines covered (40.76%)

10.94 hits per line

pions / srtp / 35 / 1
41%
master: 41%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 35.1 (GO111MODULE=on)

pions / srtp / 35 / 1 41% master: 41%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 35.1 (GO111MODULE=on)

pions / srtp / 35 / 1
41%
master: 41%

README BADGES
x