You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
constant-time mac
About this tag
The constant-time MAC tag on WindowsForum.com covers discussions about cryptographic authentication code comparisons that execute in a fixed duration regardless of input. A key thread examines CVE-2026-23364 in ksmbd, the Linux kernel's SMB3 server, where a non-constant-time MAC comparison could leak timing information to attackers. The vulnerability affects SMB authentication and is referenced in Microsoft's Security Update Guide. Recurring themes include timing side-channel attacks, secure implementation of MAC checks in kernel and server code, and the importance of constant-time operations for maintaining authentication integrity in protocols like SMB.
CVE-2026-23364 in ksmbd: why a constant-time MAC comparison matters more than it sounds
A new CVE-2026-23364 entry tied to ksmbd, the Linux kernel’s SMB3 server implementation, highlights a security property that can look minor at first glance but matters deeply in authentication code: comparing...