rfc:timing_attack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

rfc:timing_attack [2014/02/02 23:37]
realityking
rfc:timing_attack [2017/09/22 13:28]
Line 1: Line 1:
  
-====== Request for Comments: Timing attack safe string comparison function ====== 
-  * Version: 1.0 
-  * Date: 2013-12-22 
-  * Author: Rouven Weßling, me@rouvenwessling 
-  * Status: Under Discussion 
-  * First Published at: http://​wiki.php.net/​rfc/​timing_attack 
- 
-===== Introduction ===== 
- 
-Timing attacks are not a widely recognized problem, since they require significant skill and resources of the attacker. To prevent these attacks constant-time string comparisons can be used. These implementations are rather hard to get right, without leaking timing information. 
- 
-While high profile applications and frameworks already ship with time-constant string comparison functions, this RFC aims to make it simpler for PHP developers to protect their applications. Additionally there'​s less chance of unexpected timing differences in lower level languages. 
- 
-The password_verify function implemented in PHP 5.5 already does a time-constant string comparison, however in many projects bcrypt can not be used for some reason (legacy project, interfacing with other systems, etc.), but they'd still benefit from this functionality. 
- 
-===== Proposal ===== 
- 
-Implement a new function called hash_compare as part of ext/hash. 
- 
-Signature bool hash_compare(string knownString,​ string userString) 
- 
-The time this function takes is based only on the length of the user supplied string. 
- 
-Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first. 
- 
-===== Backward Incompatible Changes ===== 
- 
-None. 
- 
-===== Proposed PHP Version(s) ===== 
- 
-Next PHP 5.x 
- 
-===== Impact to Existing Extensions ===== 
- 
-None. 
- 
-===== Patches and Tests ===== 
- 
-Patch including tests: https://​github.com/​realityking/​php-src/​compare/​timing_attack 
- 
-===== Vote ===== 
- 
-<doodle title="​Timing attack safe string comparison function"​ auth="​realityking"​ voteType="​single"​ closed="​false">​ 
-   * Yes 
-   * No 
-</​doodle>​ 
- 
-===== References ===== 
- 
-  * [[rfc:​password_hash|Add Simplified Password Hashing RFC]] 
-  * [[http://​blog.astrumfutura.com/​2010/​10/​nanosecond-scale-remote-timing-attacks-on-php-applications-time-to-take-them-seriously/​|Nanosecond Scale Remote Timing Attacks on PHP Applications]] 
-  * [[http://​rdist.root.org/​2010/​07/​19/​exploiting-remote-timing-attacks/​|Exploiting Remote Timing Attacks]] 
-  * [[https://​github.com/​symfony/​security-core/​blob/​master/​Util/​StringUtils.php#​L36|Symfony2 constant-time string comparison]] 
-  * [[https://​github.com/​joomla/​joomla-cms/​blob/​master/​libraries/​joomla/​crypt/​crypt.php#​L262|Joomla constant-time string comparison]] 
-  * [[https://​github.com/​zendframework/​zf2/​blob/​master/​library/​Zend/​Crypt/​Utils.php#​L17|Zend Framework 2 constant-time string comparison]] 
- 
-===== Changelog ===== 
-  * 0.1 Initial publication 
-  * 0.2 Renamed to hash_compare,​ added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk) 
-  * 1.0 Moved function to ext/hash. Started voting. 
rfc/timing_attack.txt · Last modified: 2017/09/22 13:28 (external edit)