10000 Use a constant-time secure comparison for passwords by glittershark · Pull Request #119 · bcrypt-ruby/bcrypt-ruby · GitHub
[go: up one dir, main page]
Skip to content

Use a constant-time secure comparison for passwords #119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Use a constant-time secure comparison for passwords #119

wants to merge 1 commit into from

Conversation

glittershark
Copy link

Use a constant-time byte-by-byte secure comparison to compare potential
password hashes rather than String#==, which uses strcmp under the
hood and stops as soon as there's an unmatched byte.

@glittershark glittershark force-pushed the do-secure-comparison branch from 16f31c1 to bbc1553 Compare August 6, 2015 18:23
Use a constant-time secure comparison for passwords
bbc1553 
Use a constant-time byte-by-byte secure comparison to compare potential
password hashes rather than `String#==`, which uses strcmp under the
hood and stops as soon as there's an unmatched byte.
@glittershark
Copy link
Author

see #42, which I didn't notice until after I did this.

@glittershark
Copy link
Author

Also, this is breaking on a build on ruby-head - don't know if that's my fault

@tenderlove tenderlove closed this Oct 27, 2015
@tenderlove tenderlove reopened this Oct 27, 2015
@tenderlove
Copy link
Collaborator

(Bumping for CI)

@tenderlove
Copy link
Collaborator

As I said in #43, I don't think this buys us anything, but I'll let @tjschuck decide since he is the current maintainer.

@paragonie-scott
Copy link

It buys nothing except "we're following best practices," which is in itself valuable.

@fawaf
Copy link
fawaf commented Apr 9, 2016

another +1

@Papierkorb
Copy link

👍 from me too

@marekciupak
Copy link

It is described in #43 why it is not necessary in this case. Has anything changed since then?

@itay-grudev
Copy link
itay-grudev commented Aug 26, 2022
edited
Loading

@codahale

bcrypt's preimage resistance makes timing attacks a non-issue here.

Bcrypt has preimage resistance according to known methods. Science is a process and remember md5 was state of the art and invulnerable at some time. This extra safety precaution causes no practical performance hit, but increases security by a significant amount. Dismissing this best practice is simply naive as it exists for a reason.

There is really no practical argument here, not to include this. The negligible performance decrease is not worth the security decrease.

@codahale
Copy link
Contributor

I’m not sure why you saw fit to resurrect a decade-old issue and specifically tag me but here we go.

  1. I don’t have commit access to this repo and couldn’t merge this even if I wanted to.
  2. I’m not a maintainer for this project and haven’t committed to it since 2009.
  3. I haven’t worked with Ruby for more than a decade.
  4. Even if I were the person you needed to convince, your argument is not convincing.

Leave me alone.

@tenderlove tenderlove mentioned this pull request Oct 29, 2024
Merged
@tenderlove
Copy link
Collaborator

Closing in favor of #282. @glittershark I cherry-picked your commit in to #282 then added some trivial performance related stuff (specifically just avoiding array allocations).

@tenderlove tenderlove closed this Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@glittershark @tenderlove @paragonie-scott @fawaf @Papierkorb @marekciupak @itay-grudev @codahale
0