rfc:timing_attack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
rfc:timing_attack [2013/12/22 17:20] realitykingrfc:timing_attack [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
  
 ====== Request for Comments: Timing attack safe string comparison function ====== ====== Request for Comments: Timing attack safe string comparison function ======
-  * Version: 0.1+  * Version: 1.0
   * Date: 2013-12-22   * Date: 2013-12-22
-  * Author: Rouven Weßling, me@rouvenwessling +  * Author: Rouven Weßling, me@rouvenwessling.de 
-  * Status: Under Discussion+  * Status: Implemented in 5.6 as hash_equals()
   * First Published at: http://wiki.php.net/rfc/timing_attack   * First Published at: http://wiki.php.net/rfc/timing_attack
  
Line 17: Line 17:
 ===== Proposal ===== ===== Proposal =====
  
-Implement a new function called str_equals.+Implement a new function called hash_compare as part of ext/hash.
  
-Signature bool str_equals(string knownString, string userString)+Signature bool hash_compare(string knownString, string userString)
  
-The time this function takes is based only on two variables: +The time this function takes is based only on the length of the user supplied string.
-length of userString +
-* whether the length of knownString is zero +
- +
-The latter is a slight information leak but so uncommon it shouldn't be of much concern. However this needs to be documented.+
  
 Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first. Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first.
Line 40: Line 36:
  
 None. None.
- 
-===== Open Issues ===== 
- 
-  * Decide on a name for the function. 
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
  
 Patch including tests: https://github.com/realityking/php-src/compare/timing_attack Patch including tests: https://github.com/realityking/php-src/compare/timing_attack
 +
 +===== Vote =====
 +
 +<doodle title="Timing attack safe string comparison function" auth="realityking" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ===== References ===== ===== References =====
Line 56: Line 55:
   * [[https://github.com/symfony/security-core/blob/master/Util/StringUtils.php#L36|Symfony2 constant-time string comparison]]   * [[https://github.com/symfony/security-core/blob/master/Util/StringUtils.php#L36|Symfony2 constant-time string comparison]]
   * [[https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/crypt/crypt.php#L262|Joomla constant-time string comparison]]   * [[https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/crypt/crypt.php#L262|Joomla constant-time string comparison]]
 +  * [[https://github.com/zendframework/zf2/blob/master/library/Zend/Crypt/Utils.php#L17|Zend Framework 2 constant-time string comparison]]
 +
 +===== Changelog =====
 +  * 0.1 Initial publication
 +  * 0.2 Renamed to hash_compare, added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk)
 +  * 1.0 Moved function to ext/hash. Started voting.
 +  * 1.1 Added section about differences between RFC and implementation 
 +
 +===== Differences between this RFC and the implementation ====
 +  * The function is now called hash_equals
 +  * Both arguments passed to the function have to be strings, otherwise an E_WARNING is raised.
rfc/timing_attack.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools