Hacker News
by TheLoneWolfling 3979 days ago
a) You're just punting the timing attack off to the SHA algorithm.

b) There is no SHA algorithm in the C / C++ standard library (that I know of), much less a guaranteed constant-time (or rather, data-independent) one.

c) The compiler is well within its rights to insert "busy_loop_for_ms(input_char);" anywhere it wishes. It is unlikely to do so, but it is allowed to. As I said: C and C++ don't have any notion of constant or variable time.