I was encounter the following function crypto/subtle package which caused me a lot curiosity, wish someone can explain the purpose behind it. Thanks,
// ConstantTimeByteEq returns 1 if x == y and 0 otherwise.
27 func ConstantTimeByteEq(x, y uint8) int {
28 z := ^(x ^ y)
29 z &= z >> 4
30 z &= z >> 2
31 z &= z >> 1
32
33 return int(z)
34 }
分享 It prevents timing attacks against cryptosystems: Any code path takes exactly the same amount of time.
If you are careless about timing you open up a sidechannel which leaks information about your secret. E.g. you could determine that the first character of a password is 'R' because the system fails 10ns faster if your wrong password starts with 'R'. Repeat with next character until you found the password.
Implementing cryptography is really hard. Really really hard.
分享
