You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Yannic Noller (JIRA)" <ji...@apache.org> on 2018/05/05 12:33:00 UTC
[jira] [Commented] (FTPSERVER-485) Timing Side Channel
PasswordEncryptor
[ https://issues.apache.org/jira/browse/FTPSERVER-485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16464750#comment-16464750 ]
Yannic Noller commented on FTPSERVER-485:
-----------------------------------------
Hi,
I checked your solution with the drescribed method PasswordUtil.secureCompare(..) for the proposed locations. For the classes ClearTextPasswordEncryptor and Md5PasswordEncryptor and it looks good.
However, the class *SaltedPasswordEncryptor* still leaks information so I had a deeper look and figured out that the encryption method in SaltedPasswordEncryptor leaks information about the salt. The processing time in this method differs for different salt values.
I opened another bug description because it is actually another issue: FTPSERVER-487
Thanks
Yannic
> Timing Side Channel PasswordEncryptor
> -------------------------------------
>
> Key: FTPSERVER-485
> URL: https://issues.apache.org/jira/browse/FTPSERVER-485
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.1.1
> Environment: tested on macOS High Sierra 10.13.4, but it is not relevant
> Reporter: Yannic Noller
> Assignee: Jonathan Valliere
> Priority: Major
> Labels: easyfix, pull-request-available
> Fix For: 1.1.2
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Dear Apache FTPServer developers,
> We have found a timing side-channel in class org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor, method "public boolean matches(String passwordToCheck, String storedPassword)". This is due to the use of String.equals for comparison which returns as soon as a character does not match. This represents a timing side channel, which could be used by a potential attacker to obtain knowledge about the hidden secret password.
> Do you agree with our findings?
> A similar issue is present in method "matches" from classes org.apache.ftpserver.usermanager.Md5PasswordEncryptor and org.apache.ftpserver.usermanager.SaltedPasswordEncryptor.
> We found these classes in the latest version of your git repo: https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary
> The problem can be fixed easily by using the following safe version for String comparison in all three methods:
> public boolean isEqual_safe(String a, String b) {
> char a_value[] = a.toCharArray();
> char b_value[] = b.toCharArray();
> boolean unused;
> boolean matches = true;
> for (int i = 0; i < a_value.length; i++) {
> if (i < b_value.length) {
> if (a_value[i] != b_value[i]) {
> matches = false;
> } else {
> unused = true;
> }
> } else {
> unused = false;
> unused = true;
> }
> }
> return matches;
> }
> Do you agree with our patch proposal?
> Please feel free to contact us for further clarification! You can reach us by the following email address:
> yannic.noller@informatik.hu-berlin.de
> Best regards,
> Yannic Noller
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)