Newsgroups: php.internals
From: dunglas@gmail.com (Kévin Dunglas)
Date: Tue, 6 Jan 2015 23:54:32 +0100
To: PHP Internals
Subject: Re: hash_equals: leak less information about length

Hello internals,

I submitted this PR a long time ago: https://github.com/php/php-src/pull/792

I still think it's a good idea to mitigate the length leak (rather than returning immediately if strings are not of the same length) while advertising in the docs that the length will leak in any case.

The php.net doc has been fixed, but - for instance - this is not the case for the Symfony doc: http://symfony.com/doc/current/components/security/secure_tools.html (this method internally uses hash_equals; I've just submitted a PR to fix this doc, but I'm sure there are a lot of other misuses in the wild).

To summarize: a theoretical (especially for web apps, more annoying for CLI apps) and advertised leak is better than a big undocumented leak.

Can you merge this PR?

2014-08-31 12:59 GMT+02:00 Kévin Dunglas :

> Hi,
>
> I've submitted a PR to make the hash_equals function leak less information
> about compared strings' lengths (benchmark and use cases available in
> comments): https://github.com/php/php-src/pull/792
>
> Trying to hide length is needed to replace Symfony and Joomla PHP
> implementations with hash_equals (when available).
>
> The idea:
> - Clearly advertise in the documentation that this function can potentially
> leak lengths
> - Try to make it harder for an attacker by using a more robust implementation.
>
> If there is an agreement to use this kind of implementation, I'll
> rework the PR to use some tricks from the CPython one (
> https://github.com/python/cpython/blob/c7688b44387d116522ff53c0927169db45969f0e/Modules/_operator.c#L175
> - use of volatile and no modulo).
>
> Best regards,
> --
> Kévin Dunglas
>
> http://dunglas.fr
>

--
Kévin Dunglas
Freelance consultant and developer
http://dunglas.fr
Tel.: 06 60 91 20 20
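
An added illustration (not the code from the PR, php-src or CPython) of the difference the message describes: returning immediately on a length mismatch versus always walking the user-supplied string, using volatile and no modulo as in the CPython routine it links. The function names and the `bytes_examined` counter are hypothetical and exist only to make the amount of work visible without timing measurements.

```c
#include <stddef.h>
#include <stdio.h>

/* Instrumentation for this example only: bytes examined by the last call. */
static size_t bytes_examined;

/* Early-return form: a length mismatch skips the loop, exposing known_len. */
int early_return_equals(const unsigned char *known, size_t known_len,
                        const unsigned char *user, size_t user_len)
{
    volatile unsigned char diff = 0;
    size_t i;
    bytes_examined = 0;
    if (known_len != user_len)
        return 0;
    for (i = 0; i < user_len; i++, bytes_examined++)
        diff |= known[i] ^ user[i];
    return diff == 0;
}

/* Length-hiding form: always walks user_len bytes. It starts in the failing
 * state (user compared with itself, diff preset to 1) and switches to the
 * real comparison only when the lengths match. */
int length_hiding_equals(const unsigned char *known, size_t known_len,
                         const unsigned char *user, size_t user_len)
{
    volatile const unsigned char *left = user;
    volatile const unsigned char *right = user;
    volatile size_t length = user_len; /* loop count: caller-supplied only */
    volatile unsigned char diff = 1;
    size_t i;
    bytes_examined = 0;
    if (known_len == length) { left = known; diff = 0; }
    for (i = 0; i < length; i++, bytes_examined++) {
        unsigned char l = *left++, r = *right++;
        diff |= l ^ r;
    }
    return diff == 0;
}

int main(void)
{
    const unsigned char known[] = "0123456789abcdef"; /* constructed sample */
    const unsigned char user[] = "short";             /* constructed sample */
    int r = early_return_equals(known, 16, user, 5);
    printf("early return:  equal=%d bytes examined=%zu\n", r, bytes_examined);
    r = length_hiding_equals(known, 16, user, 5);
    printf("length hiding: equal=%d bytes examined=%zu\n", r, bytes_examined);
    return 0;
}
```

Both functions return the same verdict for every input; only the work done on a length mismatch differs, and that work depends on the caller's string alone in the second form.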