compiler people: how likely is it that timing-safe C code is future-proof? as in, how likely is it that future compilers will e.g. take "uint8_t diff = 0; for (size_t i=0; i<len; i++) diff |= a[i]^b[i]; return diff != 0" and put a conditional bailout jump in the loop?
-
-
Recently had to double check if Java's MessageDigest.isEqual was sane, because the documentation claims otherwise: https://developer.android.com/reference/java/security/MessageDigest.html#isEqual%28byte[],%20byte[]%29 … https://android.googlesource.com/platform/libcore/+/android-8.1.0_r14/ojluni/src/main/java/java/security/MessageDigest.java#469 … https://bugs.openjdk.java.net/browse/JDK-8136459 … It seemed a bit weird to assume the compiler won't ever figure out how to optimize that...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.