constant time compare removed

binarydud created an issue

It looks like constant time compare was removed in commit 8f3fc81. Was there a reason for this?

Comments (5)

  1. Daniel Holth

    I will put it back in the next time I do a release, but I am not worried about this attack.

    On my machine the difference between comparing the same-length 60-character strings that are equal in the beginning, versus the same all the way to the middle, versus equal, is less than 10 nanoseconds. This article suggests an attacker may be able to resolve 15ns differences by taking 9,000 samples from a great network vantage point. These 9,000 samples invoke the very slow 71 millisecond bcrypt function. A successful timing attack will peg your CPU for hours or days.

    Now consider the attack: generate a bcrypt hash that has a common prefix with a stored password hash, and use timing differences to lengthen the prefix by guessing when the next character is correct. Since any change to the input (the guessed password) will change about half the bits in the hash, the attacker cannot generate hashes that have successively longer common prefixes without doing an extremely time-consuming brute force search. The work done to find the shorter prefix is useless for finding the next character.

    If your application allows a user to attempt to log in an unlimited number of times at a very fast rate then a dictionary attack is more likely.
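
The two properties discussed in this thread, as an added example that is not code from the project or from either participant: what an early-exit comparison reveals (the length of the matching prefix) next to a constant-time comparison, and how little prefix a guessed password's hash shares with a stored hash. Assumptions: SHA-256 hex output stands in for bcrypt so the example runs offline, and all function names, passwords and guesses are constructed for illustration.

```python
import hashlib
import hmac

def matching_prefix(a: bytes, b: bytes) -> int:
    """Leading bytes that agree. An early-exit compare does work proportional
    to this value, which is the quantity a timing side channel would expose."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def constant_time_equal(a: bytes, b: bytes) -> bool:
    """XOR-accumulate compare: visits every byte of equal-length inputs no
    matter where the first mismatch is. Prefer hmac.compare_digest in real code."""
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0

def stand_in_hash(password: str) -> bytes:
    """Assumption: SHA-256 hex stands in for the slow bcrypt hash."""
    return hashlib.sha256(password.encode()).hexdigest().encode()

def verify(stored: bytes, candidate: str) -> bool:
    """Password check using the standard library's constant-time compare."""
    return hmac.compare_digest(stored, stand_in_hash(candidate))

def differing_bits(pw_a: str, pw_b: str) -> int:
    """Bits that differ between the 256-bit digests of two passwords."""
    da = hashlib.sha256(pw_a.encode()).digest()
    db = hashlib.sha256(pw_b.encode()).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def longest_prefix_over_guesses(stored: bytes, guesses) -> int:
    """Best common prefix (in hex characters) any guess's hash reaches."""
    return max(matching_prefix(stored, stand_in_hash(g)) for g in guesses)

# Constructed sample data, not taken from any real system.
STORED = stand_in_hash("correct horse")
GUESSES = [f"guess{i}" for i in range(1000)]

if __name__ == "__main__":
    print("bits changed by a one-character edit:", differing_bits("password1", "password2"))
    print("longest prefix over 1000 guesses:", longest_prefix_over_guesses(STORED, GUESSES))
```

Each extra matching hex character needs roughly 16 times more guesses, and every guess costs a full hash computation, which is the brute-force cost the comment above describes.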
