Posted to dev@shiro.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2019/11/19 17:27:00 UTC
[jira] [Assigned] (SHIRO-458) Possible leaked timing information from DefaultPasswordService
[ https://issues.apache.org/jira/browse/SHIRO-458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned SHIRO-458:
-----------------------------------------
Assignee: Colm O hEigeartaigh
> Possible leaked timing information from DefaultPasswordService
> --------------------------------------------------------------
>
> Key: SHIRO-458
> URL: https://issues.apache.org/jira/browse/SHIRO-458
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Affects Versions: 1.2.2
> Environment: Mac OS X 10.8.3, Java 1.6.0_51
> Reporter: Stuart Broad
> Assignee: Colm O hEigeartaigh
> Priority: Trivial
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Use of the String equals comparison for the password hash comparison could leak timing information since it returns false as soon as a character does not match.
> DefaultPasswordService>>passwordsMatch(Object submittedPlaintext, String saved)
> Last line is:
> return saved.equals(formatted); //saved and formatted are strings
> A possible constant time equals could be:
> private boolean constantEquals(String s1, String s2)
> {
>     /*
>      * Alternative option (simpler but I'm not sure about the intern 'cost'):
>      * s1.intern();
>      * s2.intern();
>      * s1 == s2
>      */
>     int result = 0;
>     byte[] a = s1.getBytes();
>     byte[] b = s2.getBytes();
>     // Also leaks timing information but probably ok...
>     if (a.length != b.length) {
>         return false;
>     }
>     /*
>      * XOR each byte. If each byte is the
>      * same the XOR will result in 0.
>      */
>     for (int i = 0; i < a.length; i++) {
>         result |= a[i] ^ b[i];
>     }
>     return result == 0;
> }
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
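As an added illustration (not Shiro's code and not the reporter's snippet), a variant of the proposed helper that removes the length-dependent early return, names the charset explicitly, and shows the JDK's own MessageDigest.isEqual beside it; the class and method names are assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example with a hypothetical class name; not part of Shiro or of SHIRO-458.
public final class ConstantTimeEquals {

    /**
     * Compares two hash strings in time that depends only on the length of
     * {@code expected}: neither the position of the first differing byte nor
     * the length of {@code submitted} changes how much work is done.
     */
    public static boolean constantEquals(String expected, String submitted) {
        if (expected == null || submitted == null) {
            return false;
        }
        // Name the charset: String.getBytes() with no argument uses the platform default.
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = submitted.getBytes(StandardCharsets.UTF_8);

        // Fold a length mismatch into the result instead of returning early.
        int result = a.length ^ b.length;
        // When the lengths differ, compare a against itself so the loop still runs
        // a.length iterations; result is already non-zero, so the outcome is false.
        byte[] other = (a.length == b.length) ? b : a;
        for (int i = 0; i < a.length; i++) {
            result |= a[i] ^ other[i];
        }
        return result == 0;
    }

    /** The JDK's built-in helper, for comparison with the hand-written loop. */
    public static boolean jdkEquals(String expected, String submitted) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values shaped like a formatted hash; not real hashes.
        String saved = "$shiro1$SHA-256$500000$c2FsdA==$aGFzaHZhbHVl";
        String wrongLastChar = "$shiro1$SHA-256$500000$c2FsdA==$aGFzaHZhbHVm";
        System.out.println(constantEquals(saved, saved));
        System.out.println(constantEquals(saved, wrongLastChar));
        System.out.println(constantEquals(saved, "short"));
        System.out.println(jdkEquals(saved, saved));
    }
}
```

MessageDigest.isEqual compares equal-length inputs without an early exit; whether it also hides a length mismatch depends on the JDK version, so check the implementation you ship against before relying on it for that.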