psecio / jwt

A JWT (JSON Web Token) Encoder & Decoder

Timing vulnerability in MAC verification #8

Closed ircmaxell closed 9 years ago

ircmaxell commented 10 years ago

The current MAC verification code is vulnerable to timing attacks since it uses a direct comparison.

Instead, implement Double HMAC Verification

However, don't re-use any keys, generate a random key for use in the verification: source:

function timingSafeEquals($m1, $m2) {
    // Fresh random key for this comparison only; never reuse the signing key here.
    // random_bytes() is the PHP 7+ CSPRNG (the original snippet used an undefined gen_random()).
    $key = random_bytes(32);
    // Compare the HMACs rather than the raw values: the attacker cannot predict the
    // masked bytes, so the early-exit behaviour of === no longer leaks anything useful.
    if (hash_hmac('sha256', $m1, $key, true) === hash_hmac('sha256', $m2, $key, true)) {
        return true;
    }
    return false;
}
sagikazarmark commented 9 years ago

If I am correct, then hash_equals is the solution for this. Since it was introduced in PHP 5.6, I created a backport package for it:

https://github.com/indigophp/hash-compat

enygma commented 9 years ago

Adding a quick version of hash_equals to the Jwt class to backport the validation. Closing issue.
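As an added example (not code from psecio/jwt or from any commenter in this thread), the PHP below shows the two fixes discussed above side by side with the plain `===` check the issue reports: a `hash_equals` polyfill for PHP older than 5.6 written as a constant-time byte loop, the double-HMAC comparison from the first comment, and an HS256 signature check that takes the comparison as a callback. The function names `double_hmac_equals`, `verify_hs256` and the base64url helpers, the secret and the claims are all assumptions made for this example.

```php
<?php
// Added example, not part of psecio/jwt. Contrasts constant-time signature
// comparison for an HS256 JWT with the plain === check the issue describes.

// Polyfill for PHP < 5.6: accumulate XOR differences over every byte, no early exit.
if (!function_exists('hash_equals')) {
    function hash_equals($known, $user) {
        if (!is_string($known) || !is_string($user)) {
            return false;
        }
        $kLen = strlen($known);
        if ($kLen !== strlen($user)) {
            return false; // MAC length is public, so leaking a length mismatch is fine
        }
        $diff = 0;
        for ($i = 0; $i < $kLen; $i++) {
            $diff |= ord($known[$i]) ^ ord($user[$i]);
        }
        return $diff === 0;
    }
}

// Double-HMAC form from the first comment: a fresh random key masks both inputs,
// so === no longer compares bytes the attacker can choose.
function double_hmac_equals($known, $user) {
    $key = random_bytes(32); // CSPRNG, PHP 7+
    return hash_hmac('sha256', $known, $key, true) === hash_hmac('sha256', $user, $key, true);
}

function base64url_encode($data) {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode($data) {
    return base64_decode(strtr($data, '-_', '+/'));
}

// Verify an HS256 token's signature using the supplied comparison callback.
function verify_hs256($jwt, $secret, callable $compare) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    list($header, $payload, $sig) = $parts;
    $expected = hash_hmac('sha256', $header . '.' . $payload, $secret, true);
    return $compare($expected, base64url_decode($sig));
}

// Constructed sample token: secret and claims chosen for this example only.
$secret  = 'example-secret';
$header  = base64url_encode(json_encode(array('alg' => 'HS256', 'typ' => 'JWT')));
$payload = base64url_encode(json_encode(array('sub' => 'user-1')));
$sig     = base64url_encode(hash_hmac('sha256', "$header.$payload", $secret, true));
$token   = "$header.$payload.$sig";

// Same header and payload with a forged all-zero signature.
$tampered = "$header.$payload." . base64url_encode(str_repeat("\0", 32));

// Vulnerable comparison: === on raw MAC bytes stops at the first differing byte.
$naive = function ($a, $b) { return $a === $b; };

var_dump(verify_hs256($token, $secret, 'hash_equals'));
var_dump(verify_hs256($tampered, $secret, 'hash_equals'));
var_dump(verify_hs256($token, $secret, 'double_hmac_equals'));
var_dump(verify_hs256($tampered, $secret, 'double_hmac_equals'));
var_dump(verify_hs256($token, $secret, $naive)); // correct result, but timing depends on input
```

All three comparators return the same boolean for a given token; the difference is only in how long the rejection takes. The naive closure's running time depends on how many leading bytes of the forged signature match, which is the signal a timing attack measures, while `hash_equals` (native or polyfilled) and the double-HMAC form take the same time regardless of where the mismatch is. Of the two fixes, `hash_equals` is the simpler choice where available, which is why the maintainer backported it into the Jwt class.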