Most of our drivers include code similar to this at the end of their SCRAM-SHA-1 implementations:
    if response['v'] != server_signature:
        throw "Server signature is invalid"
As a matter of general hygiene, this comparison should be done using a constant-time comparison function. Note that this is not a security vulnerability in any of our drivers, just the right thing to do. SCRAM-SHA-1 uses a client-generated nonce for each authentication attempt, which removes any information that could be inferred through a theoretical timing attack.
For higher-level languages, there is likely a useful method in the standard library to do this. For example, in Python:
https://docs.python.org/2/library/hmac.html#hmac.compare_digest
For C or C++, the implementation of Python's compare_digest is instructive:
https://hg.python.org/releasing/2.7.9/file/tip/Modules/operator.c#l240
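An added example, not taken from any driver: the final SCRAM-SHA-1 check done with hmac.compare_digest instead of `!=`. It assumes the plain RFC 5802 derivation and uses the example exchange published in RFC 5802 section 5 as input; the function names are illustrative.

```python
import base64
import hashlib
import hmac

# Example exchange from RFC 5802 section 5 (user "user", password "pencil").
PASSWORD = b"pencil"
CLIENT_FIRST_BARE = b"n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = (b"r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,"
                b"s=QSXCR+Q6sek8bf92,i=4096")
CLIENT_FINAL_NO_PROOF = b"c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
SERVER_FINAL = "v=rmF9pqV8S7suAoZWja4dJRkFsKQ="


def parse_fields(message):
    """Split a SCRAM message such as 'r=...,s=...,i=4096' into a dict."""
    return dict(part.split("=", 1) for part in message.split(","))


def expected_server_signature(password, client_first_bare, server_first,
                              client_final_no_proof):
    """Derive ServerSignature as defined in RFC 5802 section 3."""
    fields = parse_fields(server_first.decode("ascii"))
    salt = base64.b64decode(fields["s"])
    salted = hashlib.pbkdf2_hmac("sha1", password, salt, int(fields["i"]))
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    auth_message = b",".join(
        [client_first_bare, server_first, client_final_no_proof])
    return hmac.new(server_key, auth_message, hashlib.sha1).digest()


def verify_server_final(server_final, expected):
    """Return True only if the 'v' field equals the expected signature."""
    try:
        fields = parse_fields(server_final)
        received = base64.b64decode(fields.get("v", ""), validate=True)
    except ValueError:
        return False  # malformed message or base64 is a failed verification
    # Constant-time comparison: the run time does not depend on where the
    # first differing byte sits, unlike `received != expected`.
    return hmac.compare_digest(received, expected)
```

Comparing the decoded bytes rather than the base64 text keeps both arguments the same type, which compare_digest requires.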