rfc:timing_attack
Differences
This shows you the differences between two versions of the page.
rfc:timing_attack [2014/02/23 15:02] realityking |
rfc:timing_attack [2017/09/22 13:28] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Request for Comments: Timing attack safe string comparison function ====== | ||
- | * Version: 1.0 | ||
- | * Date: 2013-12-22 | ||
- | * Author: Rouven Weßling, me@rouvenwessling.de | ||
- | * Status: Accepted | ||
- | * First Published at: http://wiki.php.net/rfc/timing_attack | ||
- | |||
- | ===== Introduction ===== | ||
- | |||
- | Timing attacks are not a widely recognized problem, since they require significant skill and resources of the attacker. To prevent these attacks constant-time string comparisons can be used. These implementations are rather hard to get right, without leaking timing information. | ||
- | |||
- | While high profile applications and frameworks already ship with time-constant string comparison functions, this RFC aims to make it simpler for PHP developers to protect their applications. Additionally there's less chance of unexpected timing differences in lower level languages. | ||
- | |||
- | The password_verify function implemented in PHP 5.5 already does a time-constant string comparison, however in many projects bcrypt can not be used for some reason (legacy project, interfacing with other systems, etc.), but they'd still benefit from this functionality. | ||
- | |||
- | ===== Proposal ===== | ||
- | |||
- | Implement a new function called hash_compare as part of ext/hash. | ||
- | |||
- | Signature bool hash_compare(string knownString, string userString) | ||
- | |||
- | The time this function takes is based only on the length of the user supplied string. | ||
- | |||
- | Users have to be mindful, as it is important that the user supplied string (or a hash of that string) is used as the the second parameter not the first. | ||
- | |||
- | ===== Backward Incompatible Changes ===== | ||
- | |||
- | None. | ||
- | |||
- | ===== Proposed PHP Version(s) ===== | ||
- | |||
- | Next PHP 5.x | ||
- | |||
- | ===== Impact to Existing Extensions ===== | ||
- | |||
- | None. | ||
- | |||
- | ===== Patches and Tests ===== | ||
- | |||
- | Patch including tests: https://github.com/realityking/php-src/compare/timing_attack | ||
- | |||
- | ===== Vote ===== | ||
- | |||
- | <doodle title="Timing attack safe string comparison function" auth="realityking" voteType="single" closed="true"> | ||
- | * Yes | ||
- | * No | ||
- | </doodle> | ||
- | |||
- | ===== References ===== | ||
- | |||
- | * [[rfc:password_hash|Add Simplified Password Hashing RFC]] | ||
- | * [[http://blog.astrumfutura.com/2010/10/nanosecond-scale-remote-timing-attacks-on-php-applications-time-to-take-them-seriously/|Nanosecond Scale Remote Timing Attacks on PHP Applications]] | ||
- | * [[http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/|Exploiting Remote Timing Attacks]] | ||
- | * [[https://github.com/symfony/security-core/blob/master/Util/StringUtils.php#L36|Symfony2 constant-time string comparison]] | ||
- | * [[https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/crypt/crypt.php#L262|Joomla constant-time string comparison]] | ||
- | * [[https://github.com/zendframework/zf2/blob/master/library/Zend/Crypt/Utils.php#L17|Zend Framework 2 constant-time string comparison]] | ||
- | |||
- | ===== Changelog ===== | ||
- | * 0.1 Initial publication | ||
- | * 0.2 Renamed to hash_compare, added link to Zend Framework 2, removed information leak when knownString is empty (Thank you Tjerk) | ||
- | * 1.0 Moved function to ext/hash. Started voting. |
rfc/timing_attack.txt · Last modified: 2017/09/22 13:28 (external edit)