Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:70884
Return-Path: <iwanluijks@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 19640 invoked from network); 27 Dec 2013 20:15:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Dec 2013 20:15:57 -0000
Authentication-Results: pb1.pair.com smtp.mail=iwanluijks@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=iwanluijks@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.44 as permitted sender)
X-PHP-List-Original-Sender: iwanluijks@gmail.com
X-Host-Fingerprint: 209.85.212.44 mail-vb0-f44.google.com  
Received: from [209.85.212.44] ([209.85.212.44:37023] helo=mail-vb0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BB/41-11616-CFFDDB25 for <internals@lists.php.net>; Fri, 27 Dec 2013 15:15:57 -0500
Received: by mail-vb0-f44.google.com with SMTP id x8so4944944vbf.31
        for <internals@lists.php.net>; Fri, 27 Dec 2013 12:15:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to:cc:content-type
         :content-transfer-encoding;
        bh=21ti81VDVZtR0EduD6qP3sR0tzRWidvWZGcxbpbgzh4=;
        b=iSdQlXdbCzdKO4zpGPMfu4tjmPkiwoTywCd1w7tRsBNDn1EwL6xbkfpP+5BStNvz/Z
         8Y9baUR/qFgsd/CTiQUdIAMX4V9siMohdcNnXwEFjRKrnIIfsNB2cUMc/PkjweKty1zb
         xGZi6xrWbqlV3rLcby1s5/Q7dWGn+dbvGFc789TXUAmdxnrB7v9lH0JMyqh8Ff1umWPX
         dui2AQx5/eM5xIEebf/h4j6fZjAmL1/Mehv8cWg6mcCzkn63+1fdTCNP7ShcNmAb/ZOS
         HzO+ItgUg64iqmNLBFFeUi55b0x+7GMlFrAcd0SLLN616mg5542qLOnmlfWUdGLwiYYe
         deHA==
X-Received: by 10.53.5.230 with SMTP id cp6mr6127413vdd.65.1388175353722; Fri,
 27 Dec 2013 12:15:53 -0800 (PST)
MIME-Version: 1.0
Date: Fri, 27 Dec 2013 12:15:53 -0800
Message-ID: <4472464359645184992@unknownmsgid>
To: Adam Harvey <aharvey@php.net>, Sara Golemon <pollita@php.net>
Cc: PHP Development <internals@lists.php.net>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Subject: RE: [PHP-DEV] [RFC] Timing attack safe string comparison function
From: iwanluijks@gmail.com (Iwan Luijks)

Hi all,

Normally I wouldn't post to this mailing list, all ideas are in my
opinion very nicely taken care of. So that's the first note, thanks for
that :).

Besides that, I can't resist to make a note on the fact that this
function might very well be used as callback parameter in an array_walk
or array_map in which only implementing it via an extra parameter in a
strcmp from a practical point of view is a no go. Agree? :)

Next to that, the same functionality could later on be very well used
too compare 2 object hashes, raw hashes, or any non-string
combinations. If I'm correct in this, should there be considered a
function name that might respect this possible upcoming feature
beforehand?

Just a note.


Iwan Luijks

Verzonden met mijn Windows Phone Van: Adam Harvey
Verzonden: 27-12-2013 19:13
Aan: Sara Golemon
CC: PHP Development
Onderwerp: Re: [PHP-DEV] [RFC] Timing attack safe string comparison
function
On 27 December 2013 05:57, Sara Golemon <pollita@php.net> wrote:
> However, I do worry about using this syntax for a couple reasons of
> unintended consequences:
>
> * Fat Fingers: A third int/bool field to strcmp() could very easily
> get misinterpreted by accidentally using strncmp().  Now that
> true/0x01 looks like a length of 1 and your strcmp() only has to match
> the first character!

This does worry me a little too.

Another reason I'm not thrilled with the idea of adding a parameter is
that I think it's clearer what's going on if the function name itself
is descriptive (provided a good name can be found) =97 fundamentally,
they're actually different operations, even if they're in the class of
"string comparison functions", and if you're switching out the entire
implementation based on a mode parameter, that suggests to me they
should be different functions.

> Lastly, please stay away from names like "strcmp_secure()".  5-10
> years from now such a function will inevitably turn out to be insecure
> in some way and we'll need to add
> strcmp_really_secure_I_mean_it_this_time().  That way lies madness.

+1. I don't know what a good name is, but anything with the word
"secure" isn't it. str_compare_constant_time()?

Adam

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php