Project

General

Profile

Feature #2975

safe_memcmp new function proposal

Added by devnexen 25 days ago. Updated 14 days ago.

Status:
Invalid
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
2019-08-24
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

More effective against timing attacks than the raw memcmp even though quality depends on oses... plus a "timid" introduction into authn file module.

diff (1.52 KB) diff devnexen, 2019-08-24 14:04

Associated revisions

Revision 0e749c1c (diff)
Added by gstrauss 10 days ago

[mod_auth] http_auth_const_time_memeq() (#2975, #2976)

use constant time comparison when comparing digests

(mitigation for brute-force timing attacks against digests
generated using the same nonce)

x-ref:
"Digest auth nonces are not validated"
https://redmine.lighttpd.net/issues/2976
"safe_memcmp new function proposal"
https://redmine.lighttpd.net/issues/2975

History

#1

Updated by gstrauss 14 days ago

  • Status changed from New to Invalid

A similar routine already exists in http_auth.c:http_auth_const_time_memeq()

A constant time comparison of digests is unnecessary. If you are using a weak digest algorithm for which someone may have generated rainbow tables, then your problem is that you are using a weak digest algorithm. Otherwise, the generated nonce should provide sufficient salt to the generated digest that a constant time comparison of digests does not provide much additional protection.

.

If you would like security-related patches to be taken more seriously, please provide some context about why you think your implementation is better. Your code is not better because you wrote it. Please describe why when you make a post. Your single line description is obtuse, and provides zero justification on why your code is "more effective". ("raw memcmp" does not claim to provide any protection against timing attacks.)

#2

Updated by devnexen 14 days ago

gstrauss wrote:

A similar routine already exists in http_auth.c:http_auth_const_time_memeq()

A constant time comparison of digests is unnecessary. If you are using a weak digest algorithm for which someone may have generated rainbow tables, then your problem is that you are using a weak digest algorithm. Otherwise, the generated nonce should provide sufficient salt to the generated digest that a constant time comparison of digests does not provide much additional protection.

.

If you would like security-related patches to be taken more seriously, please provide some context about why you think your implementation is better. Your code is not better because you wrote it. Please describe why when you make a post. Your single line description is obtuse, and provides zero justification on why your code is "more effective". ("raw memcmp" does not claim to provide any protection against timing attacks.)

:-) Ah no I do not pretend I just did notice your existing functions, apologies then, let's forget this infortunate episod.

Also available in: Atom