DRIVERS-255

Use constant-time hash comparison functions

    • Type: Improvement
    • Resolution: Done
    • Priority: Minor - P4
    • Component/s: None
    • Labels: None
      Key           Status/Resolution   FixVersion
      PYTHON-974    Done                2.9, 3.1
      RUBY-999      Done                2.1.0
      CSHARP-1389   Done                2.0.2, 2.1
      SCALA-204     Done
      CDRIVER-815   Done                1.3.0-beta0
      CXX-657       Done                legacy-1.1.0-rc0
      JAVA-1942     Done                3.1.0
      RUBY-1010     Duplicate           12_01_17
      PHP-1478      Won't Fix
      PERL-560      Done
      PHPC-406      Done                1.1.0
      RUST-11       Fixed               0.9.0-alpha
      SWIFT-463     Done

      Most of our drivers include code similar to this at the end of their SCRAM-SHA-1 implementations:

      # Non-constant-time comparison: the early exit on the first mismatching
      # byte is what this ticket asks drivers to replace.
      if response['v'] != server_signature:
          raise Exception("Server signature is invalid")

      As a matter of general hygiene, this comparison should be done with a constant-time comparison function. Note that this is not a security vulnerability in any of our drivers, just the right thing to do: SCRAM-SHA-1 uses a client-generated nonce for every authentication attempt, so the server signature changes each time and a theoretical timing attack on the comparison would learn nothing reusable.

      For higher-level languages, there is likely a suitable function in the standard library. For example, in Python:

      https://docs.python.org/2/library/hmac.html#hmac.compare_digest

      For C or C++, the implementation of Python's compare_digest is instructive:

      https://hg.python.org/releasing/2.7.9/file/tip/Modules/operator.c#l240
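      The following is an added example, not code from this ticket or from any of the linked drivers. It shows the end of a SCRAM-SHA-1 exchange done the way the ticket asks: the expected ServerSignature is derived as RFC 5802 specifies (ServerKey = HMAC(SaltedPassword, "Server Key"), ServerSignature = HMAC(ServerKey, AuthMessage)), the server-final message's `v` attribute is parsed and decoded, and the two values are compared with hmac.compare_digest. A hand-written constant_time_equal is included alongside it to illustrate the XOR-accumulate idiom that the C implementation of compare_digest uses, for drivers whose language lacks a library function. The password, salt, iteration count and AuthMessage are constructed sample values, not real test vectors.

```python
import base64
import hashlib
import hmac

# Constructed sample inputs (not taken from the ticket or from any driver).
PASSWORD = b"pencil"
SALT = b"constructed-salt"
ITERATIONS = 4096
AUTH_MESSAGE = b"n=user,r=clientnonce,r=clientnonceservernonce,s=Y29uc3RydWN0ZWQtc2FsdA==,i=4096,c=biws,r=clientnonceservernonce"


def salted_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    """SaltedPassword := Hi(password, salt, i), which is PBKDF2-HMAC-SHA-1."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)


def server_signature(salted: bytes, auth_message: bytes) -> bytes:
    """ServerSignature := HMAC(ServerKey, AuthMessage) per RFC 5802."""
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return hmac.new(server_key, auth_message, hashlib.sha1).digest()


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Manual constant-time comparison in the style of CPython's compare_digest.

    Every byte is visited and the differences are OR-ed together, so the
    running time does not depend on where (or whether) the inputs differ.
    The length check is not secret here: a SHA-1 ServerSignature is always
    20 bytes, so a wrong-length value is simply malformed.
    """
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def encode_server_final(signature: bytes) -> bytes:
    """Build a server-final message, i.e. the 'v=<base64 ServerSignature>' attribute."""
    return b"v=" + base64.b64encode(signature)


def parse_server_final(message: bytes) -> dict:
    """Split a comma-separated SCRAM message into an attribute -> value dict."""
    attrs = {}
    for part in message.split(b","):
        key, _, value = part.partition(b"=")
        attrs[key.decode("ascii")] = value
    return attrs


def check_server_final(message: bytes, expected_signature: bytes) -> bool:
    """Verify the server's proof with the standard-library constant-time compare."""
    response = parse_server_final(message)
    received = base64.b64decode(response["v"])
    return hmac.compare_digest(received, expected_signature)


def expected_signature() -> bytes:
    """The ServerSignature the client computes for the constructed sample exchange."""
    return server_signature(salted_password(PASSWORD, SALT, ITERATIONS), AUTH_MESSAGE)


if __name__ == "__main__":
    expected = expected_signature()
    good = encode_server_final(expected)
    tampered = encode_server_final(bytes([expected[0] ^ 0x01]) + expected[1:])
    print("genuine server-final accepted:", check_server_final(good, expected))
    print("tampered server-final accepted:", check_server_final(tampered, expected))
    print("manual compare agrees:", constant_time_equal(expected, expected))
```

      Either comparison rejects a tampered signature; the difference from the `!=` in the ticket is only that the rejection takes the same amount of work regardless of which byte differs.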

            Assignee: Barrie Segal
            Reporter: Bernie Hackett (bernie@mongodb.com)
            Votes: 0
            Watchers: 6