[security] Widespread Timing Vulnerabilities in OpenID implementations
Pádraic Brady
padraic.brady at yahoo.com
Fri Jul 16 15:02:25 UTC 2010
I can only speak for PHP, but the function is also multiples slower than a
native comparison from when I was implementing it last year. Not all that
surprising given PHP is also built on C (to the point it practically copies
functions) so it should resolve similarly.
Just on implementations - have you notified these directly? Not all of them
may be paying attention to this list since it's not necessarily implementation
specific.
Paddy
Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
Zend Framework Community Review Team
________________________________
From: Nate Lawson <nate at rootlabs.com>
To: Andrew Arnott <andrewarnott at gmail.com>
Cc: openid-security <openid-security at lists.openid.net>
Sent: Fri, July 16, 2010 12:20:36 AM
Subject: Re: [security] Widespread Timing Vulnerabilities in OpenID
implementations
Andrew Arnott wrote:
> These six lines of code turn out to be ~*100 times slower* than the built-in
> .NET String.Equals function. I don't know why there is such a perf
> difference, but apparently .NET has some serious string equality check
> optimizations in their native code. Has anyone else compared the
> performance of their language's native string equality check function and
> this hand-written alternative?
We're doing that as part of our talk. Did you compare 100% correct
strings or were they different? Obviously, a compare that terminates
early will be faster for non-matching input.
When you say 100x slower, what are your actual numbers in terms of
nanoseconds per byte for each version?
In Python, a string compare with == devolves to a call to C memcmp(). I
suspect .NET does the same thing. For Java and Ruby, it doesn't and so
the routine Taylor posted is nearly identical in performance to the
naive compare.
I'm sure the secret_cmp() function could be subject to some
language-specific optimizations for non-native environments. It's worth
looking into.
--
Nate Lawson
Root Labs :: www.rootlabs.com
+1 (510) 595-9505 / (415) 305-5638 mobile
Solving embedded security, kernel and crypto challenges
_______________________________________________
security mailing list
security at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20100716/4e129185/attachment.html>
More information about the security
mailing list