You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When you compare the hashes using ==, the comparison logic uses early-out optimization so that if the first character of both strings are different, the comparison ends abruptly returning false. If only the last character is different, the comparison gets that far (taking a bit longer) and returns false. So an attacker can send specific known hashes, record the differences in comparison time, and figure out the correct hash one character at a time.
A simple solution is to perform a byte-to-byte (or char to char) comparison in constant time with no optimization so that the entire string is compared. The recommended solution is probably to use Double-HMAC Comparison. There is an example in Security Driven .NET by Stan Drapkin, which makes use of Inferno (which makes use of System.Security.Cryptography.HMAC).
See DefaultPasswordHash.cs
When you compare the hashes using
==, the comparison logic uses early-out optimization so that if the first character of both strings are different, the comparison ends abruptly returning false. If only the last character is different, the comparison gets that far (taking a bit longer) and returns false. So an attacker can send specific known hashes, record the differences in comparison time, and figure out the correct hash one character at a time.A simple solution is to perform a byte-to-byte (or char to char) comparison in constant time with no optimization so that the entire string is compared. The recommended solution is probably to use Double-HMAC Comparison. There is an example in Security Driven .NET by Stan Drapkin, which makes use of Inferno (which makes use of
System.Security.Cryptography.HMAC).References:
The text was updated successfully, but these errors were encountered: