Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constant-time evaluation of non-bcrypt passwords #5247

Merged
merged 1 commit into from
Mar 26, 2024
Merged

Constant-time evaluation of non-bcrypt passwords #5247

merged 1 commit into from
Mar 26, 2024

Conversation

neilalexander
Copy link
Member

This ensures that comparison of non-bcrypted passwords is done in constant time, whereas otherwise timing information may be apparent on a network with next to no jitter.

Reported-by: Trail of Bits https://www.trailofbits.com
Signed-off-by: Neil Twigg [email protected]

@neilalexander neilalexander requested a review from a team as a code owner March 26, 2024 11:35
derekcollison
derekcollison reviewed Mar 26, 2024
View reviewed changes
server/auth.go
// turning a string into []byte normally.
spass := stringToBytes(serverPassword)
cpass := stringToBytes(clientPassword)
if subtle.ConstantTimeCompare(spass, cpass) == 0 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this will slow down reconnect yes?

Copy link
Member Author

@neilalexander neilalexander Mar 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be marginal, standard string comparison will give up on the first mismatching character, whereas ConstantTimeCompare iterates over all characters before returning (unless they're different lengths, in which case it gives up immediately).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be about no difference in time for valid credentials. Should only make invalid credential rejection slower.

derekcollison
derekcollison approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@derekcollison derekcollison merged commit 7befb03 into main Mar 26, 2024
4 checks passed
@derekcollison derekcollison deleted the neil/authconstanttime branch March 26, 2024 17:54
@neilalexander neilalexander mentioned this pull request Apr 4, 2024
Merged
derekcollison added a commit that referenced this pull request Apr 4, 2024
@derekcollison
Cherry-pick PRs for v2.10.14-RC.2 (#5278)
8cafe5b 
Cherry-pick the following PRs into the v2.10.14 release branch:

* #5237
* #5238
* #5242
* #5208
* #5244
* #5248
* #5246
* #5112
* #5247
* #5256
* #5258
* #5264
* #5266
* #5267
* #5265
* #5271
* #5270
* #5272
* #5276
* #5274
* #5275
* #5277
* #5279

Signed-off-by: Neil Twigg <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philpennock philpennock philpennock left review comments

@derekcollison derekcollison derekcollison approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neilalexander @derekcollison @philpennock