rfc:timing_attack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

rfc:timing_attack [2014/02/02 22:46]
realityking
rfc:timing_attack [2017/09/22 13:28]
Line 1: Line 1:
  
-====== Request for Comments: Timing attack safe string comparison function ====== 
-  * Version: 1.o 
-  * Date: 2013-12-22 
-  * Author: Rouven Weßling, me@rouvenwessling 
-  * Status: Under Discussion 
-  * First Published at: http://wiki.php.net/rfc/timing_attack 
- 
-===== Introduction ===== 
- 
-Timing attacks are not a widely recognized problem, since they require significant skill and resources of the attacker. To prevent these attacks constant-time string comparisons can be used. These implementations are rather hard to get right, without leaking timing information. 
- 
-While high profile applications and frameworks already ship with time-constant string comparison functions, this RFC aims to make it simpler for PHP developers to protect their applications. Additionally there's less chance of unexpected timing differences in lower level languages. 
- 
-The password_verify function implemented in PHP 5.5 already does a time-constant string comparison, however in many projects bcrypt can not be used for some reason (legacy project, interfacing with other systems, etc.), but they'd still benefit from this functionality. 
- 
-===== Proposal ===== 
- 
-Implement a new function called hash_compare as part of ext/hash. 
- 
-Signature bool hash_compare(string knownString, string userString) 
- 
-The time this function takes is based only on the length of the user supplied string. 
- 
-Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first. 
- 
-===== Backward Incompatible Changes ===== 
- 
-None. 
- 
-===== Proposed PHP Version(s) ===== 
- 
-Next PHP 5.x 
- 
-===== Impact to Existing Extensions ===== 
- 
-None. 
- 
-===== Patches and Tests ===== 
- 
-Patch including tests: https://github.com/realityking/php-src/compare/timing_attack 
- 
-===== Vote ===== 
- 
-<doodle title="Timing attack safe string comparison function" auth="realityking" voteType="single" closed="false"> 
-   * Yes 
-   * No 
-</doodle> 
- 
-===== References ===== 
- 
-  * [[rfc:password_hash|Add Simplified Password Hashing RFC]] 
-  * [[http://blog.astrumfutura.com/2010/10/nanosecond-scale-remote-timing-attacks-on-php-applications-time-to-take-them-seriously/|Nanosecond Scale Remote Timing Attacks on PHP Applications]] 
-  * [[http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/|Exploiting Remote Timing Attacks]] 
-  * [[https://github.com/symfony/security-core/blob/master/Util/StringUtils.php#L36|Symfony2 constant-time string comparison]] 
-  * [[https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/crypt/crypt.php#L262|Joomla constant-time string comparison]] 
-  * [[https://github.com/zendframework/zf2/blob/master/library/Zend/Crypt/Utils.php#L17|Zend Framework 2 constant-time string comparison]] 
- 
-===== Changelog ===== 
-  * 0.1 Initial publication 
-  * 0.2 Renamed to hash_compare, added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk) 
- * 1.0 Moved function to ext/hash. Started voting. 
rfc/timing_attack.txt · Last modified: 2017/09/22 13:28 (external edit)