rfc:timing_attack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
rfc:timing_attack [2013/12/22 17:21] realitykingrfc:timing_attack [2014/04/13 21:33] realityking
Line 1: Line 1:
  
 ====== Request for Comments: Timing attack safe string comparison function ====== ====== Request for Comments: Timing attack safe string comparison function ======
-  * Version: 0.1+  * Version: 1.0
   * Date: 2013-12-22   * Date: 2013-12-22
-  * Author: Rouven Weßling, me@rouvenwessling +  * Author: Rouven Weßling, me@rouvenwessling.de 
-  * Status: Under Discussion+  * Status: Implemented in 5.6 as hash_equals()
   * First Published at: http://wiki.php.net/rfc/timing_attack   * First Published at: http://wiki.php.net/rfc/timing_attack
  
Line 17: Line 17:
 ===== Proposal ===== ===== Proposal =====
  
-Implement a new function called str_equals.+Implement a new function called hash_compare as part of ext/hash.
  
-Signature bool str_equals(string knownString, string userString)+Signature bool hash_compare(string knownString, string userString)
  
-The time this function takes is based only on two variables: +The time this function takes is based only on the length of the user supplied string.
-  * length of userString +
-  * whether the length of knownString is zero +
- +
-The latter is a slight information leak but so uncommon it shouldn't be of much concern. However this needs to be documented.+
  
 Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first. Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first.
Line 40: Line 36:
  
 None. None.
- 
-===== Open Issues ===== 
- 
-  * Decide on a name for the function. 
  
 ===== Patches and Tests ===== ===== Patches and Tests =====
  
 Patch including tests: https://github.com/realityking/php-src/compare/timing_attack Patch including tests: https://github.com/realityking/php-src/compare/timing_attack
 +
 +===== Vote =====
 +
 +<doodle title="Timing attack safe string comparison function" auth="realityking" voteType="single" closed="true">
 +   * Yes
 +   * No
 +</doodle>
  
 ===== References ===== ===== References =====
Line 56: Line 55:
   * [[https://github.com/symfony/security-core/blob/master/Util/StringUtils.php#L36|Symfony2 constant-time string comparison]]   * [[https://github.com/symfony/security-core/blob/master/Util/StringUtils.php#L36|Symfony2 constant-time string comparison]]
   * [[https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/crypt/crypt.php#L262|Joomla constant-time string comparison]]   * [[https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/crypt/crypt.php#L262|Joomla constant-time string comparison]]
 +  * [[https://github.com/zendframework/zf2/blob/master/library/Zend/Crypt/Utils.php#L17|Zend Framework 2 constant-time string comparison]]
 +
 +===== Changelog =====
 +  * 0.1 Initial publication
 +  * 0.2 Renamed to hash_compare, added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk)
 +  * 1.0 Moved function to ext/hash. Started voting.
rfc/timing_attack.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools