digitalmars.D.bugs - [Issue 17286] New: A function for comparing two digests securely
- via Digitalmars-d-bugs (22/22) Mar 29 2017 https://issues.dlang.org/show_bug.cgi?id=17286
https://issues.dlang.org/show_bug.cgi?id=17286 Issue ID: 17286 Summary: A function for comparing two digests securely Product: D Version: D2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P1 Component: phobos Assignee: nobody puremagic.com Reporter: jack jackstouffer.com Given two strings A and B, using std.algorithm.equal to compare them leaves your web application open to timing attacks because it has a short circuit, i.e. it returns false on the first inequality. The attack comes from allowing attacker to brute force you HMAC key. See this article for more information and why Java gets it wrong: https://codahale.com/a-lesson-in-timing-attacks/ The solution is to have a string comparison that will always be constant time given two strings of the same length. --
Mar 29 2017