Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-255

Use constant-time hash comparison functions

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Security Level: Public
    • Labels:
    • # Replies:
      1
    • Last comment by Customer:
      false
    • SERVER fixVersion:
      3.2

      Description

      Most of our drivers include code similar to this at the end of their SCRAM-SHA-1 implementations:

      if response['v'] != server_signature:
          throw "Server signature is invalid"
      

      As a matter of general hygiene, this comparison should be done using a constant-time comparison function. Note that this is not a security vulnerability in any of our drivers, just the right thing to do. SCRAM-SHA-1 uses a per-auth attempt client generated nonce, which removes any information that could be inferred through a theoretical timing attack.

      For higher level languages, there is likely a useful method in the standard library to do this. For example, in python:

      https://docs.python.org/2/library/hmac.html#hmac.compare_digest

      For C or C++, the implementation of python's compare_digest is instructive:

      https://hg.python.org/releasing/2.7.9/file/tip/Modules/operator.c#l240

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              barrie Barrie Segal
              Reporter:
              behackett Bernie Hackett
              Participants:
              Last commenter:
              Ian Whalen
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                5 years, 18 weeks, 4 days ago
                Date of 1st Reply: