Feature #2975
closedsafe_memcmp new function proposal
Description
More effective against timing attacks than the raw memcmp even though quality depends on oses... plus a "timid" introduction into authn file module.
Files
Updated by gstrauss over 4 years ago
- Status changed from New to Invalid
A similar routine already exists in http_auth.c:http_auth_const_time_memeq()
A constant time comparison of digests is unnecessary. If you are using a weak digest algorithm for which someone may have generated rainbow tables, then your problem is that you are using a weak digest algorithm. Otherwise, the generated nonce should provide sufficient salt to the generated digest that a constant time comparison of digests does not provide much additional protection.
.
If you would like security-related patches to be taken more seriously, please provide some context about why you think your implementation is better. Your code is not better because you wrote it. Please describe why when you make a post. Your single line description is obtuse, and provides zero justification on why your code is "more effective". ("raw memcmp" does not claim to provide any protection against timing attacks.)
Updated by devnexen over 4 years ago
gstrauss wrote:
A similar routine already exists in http_auth.c:http_auth_const_time_memeq()
A constant time comparison of digests is unnecessary. If you are using a weak digest algorithm for which someone may have generated rainbow tables, then your problem is that you are using a weak digest algorithm. Otherwise, the generated nonce should provide sufficient salt to the generated digest that a constant time comparison of digests does not provide much additional protection.
.
If you would like security-related patches to be taken more seriously, please provide some context about why you think your implementation is better. Your code is not better because you wrote it. Please describe why when you make a post. Your single line description is obtuse, and provides zero justification on why your code is "more effective". ("raw memcmp" does not claim to provide any protection against timing attacks.)
:-) Ah no I do not pretend I just did notice your existing functions, apologies then, let's forget this infortunate episod.
Updated by gstrauss over 2 years ago
- ASK QUESTIONS IN Forums set to No
FYI: a digest-specific constant time comparison was added in commit 0e749c1c and included in lighttpd 1.4.55 (released Jan 2020) as a mitigation for brute-force timing attacks against digests generated using the same nonce. See also #2976
Also related, lighttpd 1.4.55 closes the connection after a bad password, as a mitigation to (somewhat) slow down brute force attacks. See https://redmine.lighttpd.net/boards/3/topics/8885
Also available in: Atom