Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:70856 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 10706 invoked from network); 23 Dec 2013 10:26:48 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Dec 2013 10:26:48 -0000 Authentication-Results: pb1.pair.com header.from=me@rouvenwessling.de; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=me@rouvenwessling.de; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain rouvenwessling.de designates 5.35.242.46 as permitted sender) X-PHP-List-Original-Sender: me@rouvenwessling.de X-Host-Fingerprint: 5.35.242.46 rouvenwessling.de Linux 2.6 Received: from [5.35.242.46] ([5.35.242.46:45860] helo=lvps5-35-242-46.dedicated.hosteurope.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5D/D5-08405-7EF08B25 for ; Mon, 23 Dec 2013 05:26:48 -0500 Received: by lvps5-35-242-46.dedicated.hosteurope.de (Postfix, from userid 5001) id 0F64769F14B0; Mon, 23 Dec 2013 11:26:44 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lvps5-35-242-46.dedicated.hosteurope.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.3.1 Received: from [192.168.0.124] (ip-88-152-3-96.unitymediagroup.de [88.152.3.96]) by lvps5-35-242-46.dedicated.hosteurope.de (Postfix) with ESMTPA id 57FCD69F00E1; Mon, 23 Dec 2013 11:26:43 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\)) In-Reply-To: <52B80C5B.2050208@sugarcrm.com> Date: Mon, 23 Dec 2013 11:26:42 +0100 Cc: "internals@lists.php.net" Content-Transfer-Encoding: quoted-printable Message-ID: <6C0AE2F4-26DA-4081-914A-F6D18C46911C@rouvenwessling.de> References: <3014595E-B155-47F6-AC7B-71083D89525D@rouvenwessling.de> <52B80C5B.2050208@sugarcrm.com> To: Stas Malyshev X-Mailer: Apple Mail (2.1822) Subject: Re: [PHP-DEV] [RFC] Timing attack safe string comparison function From: me@rouvenwessling.de (=?iso-8859-1?Q?Rouven_We=DFling?=) Hi Stas. On 23.12.2013, at 11:11, Stas Malyshev wrote: >> I'd like to propose this RFC to introduce a time-constant string >> comparison function: https://wiki.php.net/rfc/timing_attack >=20 > I wonder how practical this would be. There are probably many side > channels in PHP related to how PHP manages memory, copies variables, > processes opcodes, etc. so I wonder if providing such function for PHP > API would practically add anything or if you should be doing crypto = that > sensitive in PHP anyway? Indeed, a managed language like PHP will never be able to guarantee = safety in this regard. However while you may be able to gain information = about the length of the known string, I doubt it will be possible to = exploit the string comparison itself (getting byte for byte closer to = the hash). As for your last point, you don't need to do terribly sensitive crypo = for this to make sense. Any password hash comparison will do. That there's a need for this sort of thing is probably demonstrated by = the fact, that this is already used by major framework like Joomla! and = Symfony2, but implemented in pure PHP which suffers even more from the = issues you describe. Also PHP core does something like this already, but = only in the narrow use case of password_verify. On 23.12.2013, at 11:20, Joe Watkins wrote: > One of the chaps on SO done a bit of testing, it appears that without = usleep in php land you cannot avoid cpu spikes, and so cannot get a = reliable vector of attack unless the server side code has been prepared = to be attacked. But this is only testing. Do you have a link to that discussion? It'd probably be interesting to = read in the context of this discussion. Best regards Rouven=