Project

General

Profile

Actions

Feature #2975

closed

safe_memcmp new function proposal

Added by devnexen over 5 years ago. Updated over 3 years ago.

Status:
Invalid
Priority:
Normal
Category:
-
Target version:
ASK QUESTIONS IN Forums:
No

Description

More effective against timing attacks than the raw memcmp even though quality depends on oses... plus a "timid" introduction into authn file module.


Files

diff (1.52 KB) diff devnexen, 2019-08-24 14:04
Actions #1

Updated by gstrauss over 5 years ago

  • Status changed from New to Invalid

A similar routine already exists in http_auth.c:http_auth_const_time_memeq()

A constant time comparison of digests is unnecessary. If you are using a weak digest algorithm for which someone may have generated rainbow tables, then your problem is that you are using a weak digest algorithm. Otherwise, the generated nonce should provide sufficient salt to the generated digest that a constant time comparison of digests does not provide much additional protection.

.

If you would like security-related patches to be taken more seriously, please provide some context about why you think your implementation is better. Your code is not better because you wrote it. Please describe why when you make a post. Your single line description is obtuse, and provides zero justification on why your code is "more effective". ("raw memcmp" does not claim to provide any protection against timing attacks.)

Actions #2

Updated by devnexen over 5 years ago

gstrauss wrote:

A similar routine already exists in http_auth.c:http_auth_const_time_memeq()

A constant time comparison of digests is unnecessary. If you are using a weak digest algorithm for which someone may have generated rainbow tables, then your problem is that you are using a weak digest algorithm. Otherwise, the generated nonce should provide sufficient salt to the generated digest that a constant time comparison of digests does not provide much additional protection.

.

If you would like security-related patches to be taken more seriously, please provide some context about why you think your implementation is better. Your code is not better because you wrote it. Please describe why when you make a post. Your single line description is obtuse, and provides zero justification on why your code is "more effective". ("raw memcmp" does not claim to provide any protection against timing attacks.)

:-) Ah no I do not pretend I just did notice your existing functions, apologies then, let's forget this infortunate episod.

Actions #3

Updated by gstrauss over 3 years ago

  • ASK QUESTIONS IN Forums set to No

FYI: a digest-specific constant time comparison was added in commit 0e749c1c and included in lighttpd 1.4.55 (released Jan 2020) as a mitigation for brute-force timing attacks against digests generated using the same nonce. See also #2976

Also related, lighttpd 1.4.55 closes the connection after a bad password, as a mitigation to (somewhat) slow down brute force attacks. See https://redmine.lighttpd.net/boards/3/topics/8885

Actions

Also available in: Atom