
frank

04/22/2023, 4:00 AM
I'm implementing Basic Auth with User Hashed and I was checking the validation function to check if it's timing-attack safe. I saw that it uses the equals(byte [] a, byte [] a2) method to validate credentials. So I think it would be timing-attack vulnerable. Validate function:
public fun authenticate(credential: UserPasswordCredential): UserIdPrincipal? {
    val userPasswordHash = table[credential.name]
    if (userPasswordHash != null && digester(credential.password) contentEquals userPasswordHash) {
        return UserIdPrincipal(credential.name)
    }

    return null
}
Any alternative in Ktor lib, or am I wrong?

Arjan van Wieringen

04/22/2023, 2:27 PM
Why would this be vulnerable to a timing attack?

chiroptical

04/22/2023, 4:39 PM
If the user password hash is null you don’t digest. Is the digester constant time? You could always digest and then do the check?
(fwiw, I am not an expert here and would be curious about what others say)
Ohh, I might be conflating timing attacks. I think your question might be: is contentEquals constant time?

frank

04/23/2023, 3:11 AM
@chiroptical Yes, I have doubts about whether contentEquals is constant-time. Looking at the code, I would say that in the first if it is timing-attack vulnerable. Am I wrong?
@IntrinsicCandidate
public static boolean equals(byte[] a, byte[] a2) {
    if (a==a2)
        return true;
    if (a==null || a2==null)
        return false;

    int length = a.length;
    if (a2.length != length)
        return false;

    return ArraysSupport.mismatch(a, a2, length) < 0;
}

Arjan van Wieringen

04/23/2023, 7:10 AM
You might actually be right. A similar JVM (Scala) vulnerability: https://vulners.com/veracode/VERACODE:5933