Scott Arciszewski wrote on 25/11/2014 15:37:
Hi Internals!

I've submitted a PR based on Frank Denis's work in libsodium that makes
bin2hex() run in constant time () as an improvement to mitigate
cache-timing attacks. My motivation for doing so is that many developers
(including myself) use base-16 and base-64 encoding to store cryptographic
secrets in configuration files.

Stanislav Malyshev wrote:
If we worry about such things just replacing random functions is not
enough - you should be sure *all* functions that handle your secret are
constant-time, including the engine primitives, etc. I'm not sure just
having one function does anything. But maybe I'm missing something here.

I would like to, at the minimum, suggest making the following functions run
in constant time:

  * bin2hex()
  * hex2bin()
  * base64_encode()
  * base64_decode()
  * mcrypt_encrypt() -- requires delving into libmcrypt, which has been
collecting dust since 2007 and probably doesn't support AES-NI
  * mcrypt_decrypt() -- ditto

These are only the ones I'm aware of; there are probably many others that may
be used that could benefit from similar enhancements.


You might want to have a read of the mail logs discussing the timing-safe string comparison RFC from a few months ago: https://wiki.php.net/rfc/timing_attack

I believe during that discussion some examples were raised of how the code around the comparison function could still be amenable to timing attacks, and whether the function was still worthwhile or not.

Regards,
--
Rowan Collins
[IMSoP]

--
PHP Internals - PHP Runtime Development Mailing List
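As an added example, not code from the PR, from libsodium or from the PHP engine, the following C (the language of both libsodium and the PHP runtime) shows what a hex encoder and decoder of the kind discussed in this thread looks like when written without secret-dependent branches or secret-indexed table lookups: each nibble or character is mapped with arithmetic and masking only, and the decoder processes the whole input before reporting an invalid character rather than bailing out at the first one. The `ct_*` names are this example's own, the sample key bytes are constructed, and lengths are treated as public throughout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant-time hex: per-byte work is arithmetic and masks only, so neither
 * the time taken nor the memory touched depends on the bytes being coded. */

/* All-ones when a < b, zero otherwise. Requires a, b < 2^31. */
static uint32_t ct_lt(uint32_t a, uint32_t b)
{
    return 0u - ((a - b) >> 31);
}

/* All-ones when lo <= c <= hi, zero otherwise. */
static uint32_t ct_in_range(uint32_t c, uint32_t lo, uint32_t hi)
{
    return ~ct_lt(c, lo) & ct_lt(c, hi + 1u);
}

/* Map a nibble 0..15 to '0'..'9' / 'a'..'f' with no lookup table. */
static unsigned char ct_hex_digit(uint32_t n)
{
    uint32_t ge10 = ~ct_lt(n, 10u);            /* all-ones for 10..15 */
    /* '0' + n is right for 0..9; letters need 'a' - '0' - 10 = 39 more */
    return (unsigned char)('0' + n + (ge10 & 39u));
}

/* Write 2*bin_len lowercase hex chars plus a NUL; hex needs 2*bin_len+1. */
void ct_bin2hex(char *hex, const unsigned char *bin, size_t bin_len)
{
    for (size_t i = 0; i < bin_len; i++) {
        hex[2 * i]     = (char)ct_hex_digit((uint32_t)bin[i] >> 4);
        hex[2 * i + 1] = (char)ct_hex_digit((uint32_t)bin[i] & 0x0fu);
    }
    hex[2 * bin_len] = '\0';
}

/* Value 0..15 of a hex char of either case; *valid is all-ones if ch was
 * a hex digit, zero otherwise. Invalid input yields 0, with no early exit. */
static uint32_t ct_hex_val(unsigned char ch, uint32_t *valid)
{
    uint32_t c = ch;
    uint32_t is_num = ct_in_range(c, '0', '9');
    uint32_t is_low = ct_in_range(c, 'a', 'f');
    uint32_t is_up  = ct_in_range(c, 'A', 'F');
    /* Subtractions may wrap for a non-matching c; the masks discard them. */
    uint32_t v = (is_num & (c - '0'))
               | (is_low & (c - 'a' + 10u))
               | (is_up  & (c - 'A' + 10u));
    *valid = is_num | is_low | is_up;
    return v;
}

/* Decode hex_len chars into bin. Returns bytes written, or -1 if hex_len is
 * odd, bin is too small, or any char is not a hex digit. All input is
 * always processed, so timing does not reveal where a bad char sits; on -1
 * the bytes left in bin are meaningless and must be discarded. */
long ct_hex2bin(unsigned char *bin, size_t bin_maxlen,
                const char *hex, size_t hex_len)
{
    if ((hex_len & 1u) != 0 || hex_len / 2 > bin_maxlen)
        return -1;                               /* lengths are public */
    uint32_t all_valid = ~0u;
    for (size_t i = 0; i < hex_len; i += 2) {
        uint32_t ok_hi, ok_lo;
        uint32_t hi = ct_hex_val((unsigned char)hex[i], &ok_hi);
        uint32_t lo = ct_hex_val((unsigned char)hex[i + 1], &ok_lo);
        all_valid &= ok_hi & ok_lo;
        bin[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return all_valid ? (long)(hex_len / 2) : -1;
}

/* Round-trip and rejection checks on constructed input; 1 if all pass. */
int ct_hex_selftest(void)
{
    const unsigned char key[6] = {0x00, 0x7f, 0xde, 0xad, 0xbe, 0xef};
    char hex[13];
    unsigned char back[6];
    ct_bin2hex(hex, key, sizeof key);
    if (strcmp(hex, "007fdeadbeef") != 0) return 0;
    if (ct_hex2bin(back, sizeof back, hex, 12) != 6) return 0;
    if (memcmp(back, key, 6) != 0) return 0;
    if (ct_hex2bin(back, sizeof back, "DEADbeef", 8) != 4) return 0;
    if (back[0] != 0xde || back[3] != 0xef) return 0;
    if (ct_hex2bin(back, sizeof back, "zz", 2) != -1) return 0;  /* bad char */
    if (ct_hex2bin(back, sizeof back, "abc", 3) != -1) return 0; /* odd len */
    return 1;
}

int main(void)
{
    const unsigned char key[6] = {0x00, 0x7f, 0xde, 0xad, 0xbe, 0xef};
    char hex[13];
    ct_bin2hex(hex, key, sizeof key);
    printf("%s selftest=%d\n", hex, ct_hex_selftest());
    return 0;
}
```

The same mask-and-select pattern extends to base64, where the 64-entry encode table and the usual 256-entry decode table are larger than a 16-byte hex table and so more plausibly straddle cache lines. As Stanislav's reply points out, this only removes one leak: a constant-time decoder feeding a non-constant-time comparison or cipher still leaks.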