I m implementing an `Basic Auth ` with User Hashed and I was kotlinlang #ktor

04/22/2023, 4:00 AM

I'm implementing an

Basic Auth.

with User Hashed and I was checking the validation function for check if it's

timing-attack

safe. I saw, that uses the

equals(byte [] a, byte [] a2)

method to validate credentials. So I think it would be

timing-attack

vulnerable. Validate function:

public fun authenticate(credential: UserPasswordCredential): UserIdPrincipal? {
        val userPasswordHash = table[credential.name]
        if (userPasswordHash != null && digester(credential.password) contentEquals userPasswordHash) {
            return UserIdPrincipal(credential.name)
        }

        return null
}

Any alternative in
Ktor lib
or I'm wrong?

Arjan van Wieringen

04/22/2023, 2:27 PM

Why would this be vulnerable to a timing attack?

04/22/2023, 4:39 PM

If the user password hash is null you don’t digest. Is the digester constant time? You could always digest and then do the check?

(fwiw, I am not an expert here and would be curious about what others say)

Ohh, I might be conflating timing attacks. I think your question might be: is

contentEquals

constant time?

04/23/2023, 3:11 AM

@chiroptical Yes, I have doubts with

contentEquals

if is constant-time. Looking the code, I would say that in the first

if

is time-attack vulnerable. I'm wrong?

@IntrinsicCandidate
public static boolean equals(byte[] a, byte[] a2) {
        if (a==a2)
            return true;
        if (a==null || a2==null)
            return false;

        int length = a.length;
        if (a2.length != length)
            return false;

        return ArraysSupport.mismatch(a, a2, length) < 0;
 }

Arjan van Wieringen

04/23/2023, 7:10 AM

You might actually be right. A similar JVM (Scala) vulnerability: https://vulners.com/veracode/VERACODE:5933