Closed kr closed 10 years ago
The spec requires the comparison to be done in constant time, independent of the contents of the inputs.
Amen to that; this direct comparison is vulnerable to a timing attack.
I suggest reopening this issue because of https://github.com/csquared/fernet.js/pull/7/files#r10286901.
@kr duh. it has to take 64 iterations no matter what...
i think i got it this time: https://github.com/csquared/fernet.js/commit/e99e6ae964289068fd620060a232f71b80f793a6
if that's wrong i'll reopen the issue.
I think it still needs work: https://github.com/csquared/fernet.js/commit/e99e6ae964289068fd620060a232f71b80f793a6#commitcomment-5577669. :)
https://github.com/csquared/fernet.js/blob/7bc5801/lib/token.js#L64 appears to be a short-circuit comparison. The spec requires the comparison to be done in constant time, independent of the contents of the inputs.
The go implementation does this with a library function: https://github.com/fernet/fernet-go/blob/54c3c8f/fernet.go#L76 and the ruby implementation does it with a loop: https://github.com/fernet/fernet-rb/blob/9190f48/lib/fernet/verifier.rb#L69
cc @tmaher @hgmnz @will