hgmnz
commented
10 years ago The spec requires the comparison to be done in constant time, independent of the contents of the inputs.
Amen to that; this direct comparison is vulnerable to a timing attack.
Closed kr closed 10 years ago
hgmnz
commented
10 years ago The spec requires the comparison to be done in constant time, independent of the contents of the inputs.
Amen to that; this direct comparison is vulnerable to a timing attack.
kr
commented
10 years ago I suggest reopening this issue because of https://github.com/csquared/fernet.js/pull/7/files#r10286901.
csquared
commented
10 years ago @kr duh. it has to take 64 iterations no matter what...
i think i got it this time: https://github.com/csquared/fernet.js/commit/e99e6ae964289068fd620060a232f71b80f793a6
if that's wrong i'll reopen the issue.
kr
commented
10 years ago I think it still needs work: https://github.com/csquared/fernet.js/commit/e99e6ae964289068fd620060a232f71b80f793a6#commitcomment-5577669. :)
https://github.com/csquared/fernet.js/blob/7bc5801/lib/token.js#L64 appears to be a short-circuit comparison. The spec requires the comparison to be done in constant time, independent of the contents of the inputs.
The go implementation does this with a library function: https://github.com/fernet/fernet-go/blob/54c3c8f/fernet.go#L76 and the ruby implementation does it with a loop: https://github.com/fernet/fernet-rb/blob/9190f48/lib/fernet/verifier.rb#L69
cc @tmaher @hgmnz @will