To compare two strings, I currently use strcmp or one of its variants. However, because strcmp takes longer if more characters match, it is vulnerable to timing attacks. Is there a constant-time string comparison function in the standard library on Windows?
Constant-time string comparison function
1k Views Asked by Sjoerd At
I don't think either Windows or Visual Studio has such functions.
At least for something simple like strcmp you can whip something up yourself.
If you only care about equality:
If you need sortable results and you need to process all of the longest string:
These are not perfect timing-wise but should be more than good enough for anything network-based.
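An added example, not the answerer's code, of the two comparisons the answer describes: an equality-only check and a sortable comparison that both walk the full length of the longer string with no early exit. The names `byte_at`, `ct_streq` and `ct_strcmp` are hypothetical, and the string lengths are still observable through `strlen` and the loop count.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Byte i of s, or the NUL terminator once i runs past the end.
 * The index choice depends on the lengths only, never on the contents. */
static uint32_t byte_at(const char *s, size_t len, size_t i)
{
    return (unsigned char)s[i < len ? i : len];
}

/* Equality only: returns 1 if equal, 0 otherwise. Every position is
 * visited, so run time does not reveal where the first mismatch is. */
int ct_streq(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la > lb ? la : lb;      /* walk the longer string */
    uint32_t diff = 0;

    for (size_t i = 0; i < n; i++)
        diff |= byte_at(a, la, i) ^ byte_at(b, lb, i);
    return diff == 0;                  /* a length mismatch shows up as NUL vs non-NUL */
}

/* Sortable: returns -1, 0 or 1 with the same sign as strcmp.
 * Only the first difference sets the result; later bytes are still read. */
int ct_strcmp(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la > lb ? la : lb;
    uint32_t decided = 0;              /* becomes 1 at the first difference */
    int result = 0;

    for (size_t i = 0; i < n; i++) {
        uint32_t ca = byte_at(a, la, i), cb = byte_at(b, lb, i);
        uint32_t gt = (cb - ca) >> 31; /* 1 if ca > cb (values are 0..255) */
        uint32_t lt = (ca - cb) >> 31; /* 1 if ca < cb */
        uint32_t mask = decided - 1u;  /* all ones until a difference is seen */
        result += (int)(gt & mask) - (int)(lt & mask);
        decided |= gt | lt;
    }
    return result;
}
```

An optimizing compiler can reintroduce data-dependent branches, so inspect the generated assembly for the build flags actually used.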