Asquera / warden-hmac-authentication

A tiny HMAC implementation and warden strategy
MIT License

Use a more secure string comparison for tokens #16

Closed Xylakant closed 12 years ago

Xylakant commented 12 years ago

The signer uses


    def validate_signature(signature, params)
      signature == generate_signature(params)
    end

to validate a token. Ruby's string compare is probably efficient and short-circuits after the first mismatch. This allows a potential timing attack in which the attacker guesses the token by using the timing difference that gets created by failing later in the string. A safer way to compare the signature is probably to hash the given signature and the calculated signature using sha1 or similar. While the comparison then still fails at some point in the string, the direct relationship between point of failure and the difference in the signature is destroyed. Another option would be to iterate over the string and compare each character, regardless of the point of failure. This should also defeat the timing attacks.

Xylakant commented 12 years ago

See http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-talk/396010?395820-396119+split-mode-vertical
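
The two comparison strategies proposed in the issue above, next to the original `==` check, as an added example that is not part of the issue thread or the project's code. `ExampleSigner`, its secret, the use of SHA-256 and the parameter canonicalisation are assumptions made for illustration.

```ruby
require 'openssl'
require 'digest'

# Added example: ExampleSigner is a hypothetical stand-in for the signer in the
# issue; the secret, SHA-256 and the canonical parameter string are assumptions.
class ExampleSigner
  def initialize(secret)
    @secret = secret
  end

  def generate_signature(params)
    canonical = params.sort.map { |k, v| "#{k}=#{v}" }.join('&')
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @secret, canonical)
  end

  # Comparison quoted in the issue: String#== may return at the first
  # differing byte, so run time can depend on the matching prefix length.
  def validate_signature_naive(signature, params)
    signature == generate_signature(params)
  end

  # "Iterate over the string" option: XOR every byte pair and OR the results,
  # so the work done is the same wherever the first difference sits.
  def self.fixed_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize # length is public for a hex MAC
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def validate_signature_iterating(signature, params)
    self.class.fixed_time_equal?(signature.to_s, generate_signature(params))
  end

  # "Hash both values" option, here combined with the byte-wise comparison:
  # the digests are fixed length and unrelated to the signature's prefix.
  def validate_signature_hashed(signature, params)
    given    = Digest::SHA256.digest(signature.to_s)
    expected = Digest::SHA256.digest(generate_signature(params))
    self.class.fixed_time_equal?(given, expected)
  end
end

# Constructed sample input.
signer = ExampleSigner.new('constructed-secret')
params = { 'user' => 'alice', 'ts' => '1330000000' }
good   = signer.generate_signature(params)
puts signer.validate_signature_iterating(good, params)   # valid token
puts signer.validate_signature_hashed(good.chop, params) # truncated token
```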