Skip to content

Use a constant-time secure comparison for passwords#119

Closed
glittershark wants to merge 1 commit intobcrypt-ruby:masterfrom
glittershark:do-secure-comparison
Closed

Use a constant-time secure comparison for passwords#119
glittershark wants to merge 1 commit intobcrypt-ruby:masterfrom
glittershark:do-secure-comparison

Conversation

@glittershark
Copy link

@glittershark glittershark commented Aug 6, 2015

Use a constant-time byte-by-byte secure comparison to compare potential
password hashes rather than String#==, which uses strcmp under the
hood and stops as soon as there's an unmatched byte.

@glittershark glittershark force-pushed the do-secure-comparison branch from 16f31c1 to bbc1553 Compare August 6, 2015 18:23
Use a constant-time secure comparison for passwords
bbc1553 
Use a constant-time byte-by-byte secure comparison to compare potential
password hashes rather than `String#==`, which uses strcmp under the
hood and stops as soon as there's an unmatched byte.
@glittershark
Copy link
Author

glittershark commented Aug 6, 2015

see #42, which I didn't notice until after I did this.

@glittershark
Copy link
Author

glittershark commented Aug 6, 2015

Also, this is breaking on a build on ruby-head - don't know if that's my fault

@tenderlove tenderlove closed this Oct 27, 2015
@tenderlove tenderlove reopened this Oct 27, 2015
@tenderlove
Copy link
Collaborator

tenderlove commented Oct 27, 2015

(Bumping for CI)

@tenderlove
Copy link
Collaborator

tenderlove commented Oct 27, 2015

As I said in #43, I don't think this buys us anything, but I'll let @tjschuck decide since he is the current maintainer.

@paragonie-scott
Copy link

paragonie-scott commented Feb 17, 2016

It buys nothing except "we're following best practices," which is in itself valuable.

@fawaf
Copy link

fawaf commented Apr 9, 2016

another +1

@Papierkorb
Copy link

Papierkorb commented Apr 21, 2016

👍 from me too

@marekciupak
Copy link

marekciupak commented Nov 13, 2016

It is described in #43 why it is not necessary in this case. Has anything changed since then?

@itay-grudev
Copy link

itay-grudev commented Aug 26, 2022
edited
Loading

@codahale

bcrypt's preimage resistance makes timing attacks a non-issue here.

Bcrypt has preimage resistance according to known methods. Science is a process and remember md5 was state of the art and invulnerable at some time. This extra safety precaution causes no practical performance hit, but increases security by a significant amount. Dismissing this best practice is simply naive as it exists for a reason.

There is really no practical argument here, not to include this. The negligible performance decrease is not worth the security decrease.

@codahale
Copy link
Contributor

codahale commented Aug 26, 2022

I’m not sure why you saw fit to resurrect a decade-old issue and specifically tag me but here we go.

  1. I don’t have commit access to this repo and couldn’t merge this even if I wanted to.
  2. I’m not a maintainer for this project and haven’t committed to it since 2009.
  3. I haven’t worked with Ruby for more than a decade.
  4. Even if I were the person you needed to convince, your argument is not convincing.

Leave me alone.

@tenderlove tenderlove mentioned this pull request Oct 29, 2024
Merged
@tenderlove
Copy link
Collaborator

tenderlove commented Oct 29, 2024

Closing in favor of #282. @glittershark I cherry-picked your commit in to #282 then added some trivial performance related stuff (specifically just avoiding array allocations).

@tenderlove tenderlove closed this Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@glittershark @tenderlove @paragonie-scott @fawaf @Papierkorb @marekciupak @itay-grudev @codahale