Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72792
Return-Path: <tjerk.meesters@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 70437 invoked from network); 24 Feb 2014 11:26:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Feb 2014 11:26:03 -0000
Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.171 as permitted sender)
X-PHP-List-Original-Sender: tjerk.meesters@gmail.com
X-Host-Fingerprint: 209.85.220.171 mail-vc0-f171.google.com  
Received: from [209.85.220.171] ([209.85.220.171:32903] helo=mail-vc0-f171.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 24/D4-46513-B4C2B035 for <internals@lists.php.net>; Mon, 24 Feb 2014 06:26:03 -0500
Received: by mail-vc0-f171.google.com with SMTP id le5so5629744vcb.30
        for <internals@lists.php.net>; Mon, 24 Feb 2014 03:25:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=nzhPo0Zb434qwWRyySpQ4Y2Hv/RyB4cN6l5jwJNYsL4=;
        b=yYauxTR8Y/fTPQs03kzI/8rXMFp2vwYsWNju1HJ2nbF9cwbgO8ZaEWxoPCO+ffQDxM
         7m3m2Jtcd69bywYo0niLSyRjV++98BBu5hvlThFO1o4Eql7W4pgNnvdNoWYcPfnas7GD
         J3Hzn1B/jMkAuh9ctsTx+80+0KMlcTUZOLOlKzheGBtQrRfe5az5y/P1D7tG+F98gFgX
         0C+nMWvTGjXjSZ2d4ZheE/QlWEdU14oCN0F3x0A2q2u9YekI5FzYzaLGQ8GtSEL2W+TG
         tElstfe6nxvEH4v/P9tC/2rHDXhefMbjWiSeAejJF8jWrYr2bSfvkxYlQmtSSqtScldH
         /xAA==
MIME-Version: 1.0
X-Received: by 10.52.230.105 with SMTP id sx9mr10320674vdc.10.1393241158785;
 Mon, 24 Feb 2014 03:25:58 -0800 (PST)
Received: by 10.59.5.37 with HTTP; Mon, 24 Feb 2014 03:25:58 -0800 (PST)
In-Reply-To: <CAPhkiZxpLkyu4AGuFFYHWx6TLYXP22uHxHm3mhkSTWBvV+5Z4Q@mail.gmail.com>
References: <CAPhkiZxpLkyu4AGuFFYHWx6TLYXP22uHxHm3mhkSTWBvV+5Z4Q@mail.gmail.com>
Date: Mon, 24 Feb 2014 19:25:58 +0800
Message-ID: <CAHMUw2FhOT1GqPPL8w0B5=U=+=vsb7iNYwirjebxiPcWNLo7Pg@mail.gmail.com>
To: Andrey Andreev <narf@devilix.net>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e0111da1e5b23f004f3253c29
Subject: Re: [PHP-DEV] [VOTE] Timing attack safe string comparison function
From: tjerk.meesters@gmail.com (Tjerk Meesters)

--089e0111da1e5b23f004f3253c29
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 24, 2014 at 4:13 PM, Andrey Andreev <narf@devilix.net> wrote:

> Hey,
>
> Rouven We=C3=83=C5=B8ling <me@rouvenwessling.de> wrote:
>
> > I've updated the patch, taking the following feedback into account:
> > -Renamed function to hash_equals
>
> Why? There were some suggestions to rename it to something more
> descriptive and generic, but nobody could think of such and IMO,
> hash_compare() was better. :)
>

It's not obvious that `hash_compare()` would return a `bool(true)` if both
hashes match and `bool(false)` otherwise; something that the name
`hash_equals()` does convey. Maybe it's not the "most best" name, but it's
at least obvious what the return value would be like.


>
> Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
>
> > > Rouven We=C3=83=C5=B8ling <me@rouvenwessling.de>wrote:
> > > > I did some experiments. It seems it's good to implement timing safe
> > > comparison in engine. i.e. We can make =3D=3D/=3D=3D=3D secure by def=
ault like
> > > Python. It would be much safer get rid of all timing from PHP.
> > > >
> > > > We need new RFC to include the change in engine.
> > >
> > >
> > > That's not how I read that discussion (though I might have missed a
> mail).
> > > Also personally I don't like it. I don't see that the supposed gain i=
n
> > > security is worth the performance implication. Also if it turns out
> there's
> > > a bug, and we'd have to make it 100 times slower for some reason, tha=
n
> > > that's not a big deal for a function like hash_equals. It is however
> if it
> > > affects all comparisons.
> > >
> > > Since I don't believe in that change, I'm not interested in proposing
> that
> > > RFC.
> >
> > Understood. This is OK.
> >
> > From the experiment, performance implication is not much.
> > Automatic protection in any place would worth the trade off. IMHO.
> > Python even uses less efficient hash for comparison. I heard they
> > use optimized version of SipHash, we may better try it before deciding
> > algorithm, though.
> >
> > Any other comments regarding =3D=3D/=3D=3D=3D timing safety?
>
>
> I also don't like it. The proposed function is just fine.
>
> Cheers,
> Andrey.
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--=20
--
Tjerk

--089e0111da1e5b23f004f3253c29--