Newsgroups: php.internals
Date: Thu, 6 Feb 2014 14:17:18 +0900
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Rouven Weßling
Cc: Stas Malyshev, Nikita Popov, PHP internals
Subject: Re: [PHP-DEV] [VOTE] Timing attack safe string comparison function

It's me again.

On Thu, Feb 6, 2014 at 1:31 PM, Yasuo Ohgaki wrote:

> Sorry for multiple posts.
>
> On Thu, Feb 6, 2014 at 1:20 PM, Yasuo Ohgaki wrote:
>
>> Since comparison of short and/or not hashed data (e.g. user supplied raw
>> password) should not be done, as the function name implies, we had better
>> document this so that users always compare hashed values even when they
>> store raw passwords etc.
>> So randomized delay may be overkill.
>>
>
> Because users should not pass anything other than hashed values, we may
> simply return FALSE when the lengths mismatch. The generated hash
> length should not be a secret. This gets rid of the length leak issue,
> the function name is good for this purpose, and it makes the operation
> always constant.
>

Since there is internal code that is vulnerable to timing attacks, could you
make it PHPAPI?

For example, ext/session/mod_mm.c compares the session ID using strcmp():

    for (prev = NULL, ret = data->hash[slot]; ret; prev = ret, ret = ret->next) {
        if (ret->hv == hv && !strcmp(ret->key, key)) {
            break;
        }
    }

Regards,

P.S. Other save handlers are also vulnerable to timing attacks.
The attack could be mitigated by specifying a minimum length of session ID.
I'll add this new INI option to the session module.

--
Yasuo Ohgaki
yohgaki@ohgaki.net
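The comparison discussed in this message, sketched as an added example (not code from the original post or from php-src): a length mismatch returns false immediately, equal-length inputs are always scanned in full, and the chain walk from the quoted loop calls it instead of strcmp(). The names `entry`, `ct_equals`, `toy_hash`, `chain_find` and `demo_lookup` are hypothetical, and the session IDs are constructed sample values.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a hash-chain entry: only the fields the quoted loop uses. */
typedef struct entry {
    struct entry *next;
    unsigned int hv;    /* hash of key */
    const char *key;    /* stored session ID */
} entry;

/* Returns 1 if equal, 0 otherwise. A length mismatch returns at once (length is
 * treated as public, as the message proposes); equal-length inputs are always
 * scanned to the end, so run time does not depend on where the first difference is. */
int ct_equals(const char *known, size_t known_len, const char *user, size_t user_len)
{
    volatile unsigned char diff = 0;
    if (known_len != user_len) return 0;
    for (size_t i = 0; i < known_len; i++)
        diff |= (unsigned char)(known[i] ^ user[i]);
    return diff == 0;
}

/* Toy hash for this demo only (an assumption, not PHP's hash function). */
unsigned int toy_hash(const char *s)
{
    unsigned int h = 5381;
    while (*s) h = h * 33u + (unsigned char)*s++;
    return h;
}

/* Same chain walk as the quoted loop, with strcmp() replaced by ct_equals(). */
entry *chain_find(entry *head, const char *key)
{
    unsigned int hv = toy_hash(key);
    size_t key_len = strlen(key);
    entry *ret;
    for (ret = head; ret; ret = ret->next)
        if (ret->hv == hv && ct_equals(ret->key, strlen(ret->key), key, key_len))
            break;
    return ret;
}

/* Constructed sample: a two-entry chain; returns 1 when candidate is found. */
int demo_lookup(const char *candidate)
{
    entry b = { NULL, toy_hash("k3v9q2m8x1c7z5t4"), "k3v9q2m8x1c7z5t4" };
    entry a = { &b, toy_hash("a1b2c3d4e5f6g7h8"), "a1b2c3d4e5f6g7h8" };
    return chain_find(&a, candidate) != NULL;
}
```

Only the byte comparison is changed here; the `hv` check and the slot selection still branch on the supplied key, as in the quoted loop.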