Open
Description
`storedHash` is directly taken from the source file, i.e. the potentially manipulated file. Would this loop not cause a timing vulnerability? The attacker could guess the first byte of the MAC, send it together with the manipulated file to the server and observe for which guess the server takes slightly longer to process. This guess can be assumed to be the correct first MAC byte. Then the attacker can proceed to the next byte etc., essentially brute-forcing the MAC one byte after another.
I think creating a hash value of both the expected and the actual MAC value and then comparing the hash value could potentially solve this.
Am I missing something?
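As an added illustration (not code from the project this issue is filed against), the early-exit comparison described above next to two replacements in Python: the hash-then-compare idea from the issue and the standard constant-time primitive. Function names, the key and the sample file body are constructed for this example.

```python
import hashlib
import hmac


def naive_compare(stored: bytes, computed: bytes):
    """Byte-by-byte comparison that returns at the first mismatch.

    Returns (equal, iterations) so the leak is visible without a stopwatch:
    the number of loop iterations, and therefore the run time, depends on
    where the first differing byte sits, which is the signal the issue describes.
    """
    if len(stored) != len(computed):
        return False, 0
    iterations = 0
    for a, b in zip(stored, computed):
        iterations += 1
        if a != b:
            return False, iterations
    return True, iterations


def hash_then_compare(stored: bytes, computed: bytes) -> bool:
    """Mitigation proposed in the issue: compare digests instead of the raw MACs.

    Any early exit now leaks only the first differing byte of SHA-256(stored)
    versus SHA-256(computed); mapping that back to a byte of the real MAC
    would require preimage attacks on the hash.
    """
    return hashlib.sha256(stored).digest() == hashlib.sha256(computed).digest()


def constant_time_compare(stored: bytes, computed: bytes) -> bool:
    """Preferred fix: hmac.compare_digest runs in time independent of content."""
    return hmac.compare_digest(stored, computed)


def verify_file(key: bytes, body: bytes, stored_tag: bytes) -> bool:
    """Recompute HMAC-SHA256 over the file body and check the tag stored in the file."""
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return constant_time_compare(stored_tag, expected)


# Constructed sample: a key, a file body and its genuine tag.
SAMPLE_KEY = b"example-key-not-a-real-secret"
SAMPLE_BODY = b"payload bytes of the file"
SAMPLE_TAG = hmac.new(SAMPLE_KEY, SAMPLE_BODY, hashlib.sha256).digest()
```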