-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13252/#review24750
-----------------------------------------------------------
There is a problem on line 86 with the order of the test. As is, the code first
checks to see whether there is a real user and, only if there is, will the
constantTimeEquals() comparison be done:
return realUser && constantTimeEquals(realPassword, hashedPassword);
This test should be reversed like so:
return constantTimeEquals(realPassword, hashedPassword) && realUser;
This way authentication will take the same amount of time regardless of whether
the user exists, thus mitigating the timing attack.
- Demetrius Tsitrelis
On Aug. 6, 2013, 9:51 p.m., Amogh Vasekar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/13252/
> -----------------------------------------------------------
>
> (Updated Aug. 6, 2013, 9:51 p.m.)
>
>
> Review request for cloudstack and John Kinsella.
>
>
> Bugs: https://issues.apache.org/jira/browse/CLOUDSTACK-2312 and
> https://issues.apache.org/jira/browse/CLOUDSTACK-2314
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> 1. Fix timing attack by using a constant-time comparison function
> 2. Increase salt size
> 3. Make the flow for an invalid user go through the full normal execution using a fake
> password and salt
>
>
> Diffs
> -----
>
>
> plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
> da939273ea10bff3b2687c9684edf8a5d0ab4b2e
>
> Diff: https://reviews.apache.org/r/13252/diff/
>
>
> Testing
> -------
>
> Local environment
>
>
> Thanks,
>
> Amogh Vasekar
>
>
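A worked illustration of the short-circuit problem raised in the review above, together with the fake-password path from item 3 of the request. This is added example code, not the CloudStack SHA256SaltedUserAuthenticator under review: the in-memory user store, the record layout (salt:hex SHA-256 of salt + password), the FAKE_SALT/FAKE_RECORD values and the body of constantTimeEquals() are all assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

// Added demo, not the CloudStack authenticator: shows why
// "realUser && constantTimeEquals(...)" leaks user existence through timing
// and what the full-work path for an unknown user looks like.
public class ShortCircuitTimingDemo {

    // Constructed user store: username -> "salt:hex(SHA-256(salt + password))".
    private static final Map<String, String> USERS = new HashMap<>();
    static {
        USERS.put("alice", makeRecord("s4ltalice1234567", "correct horse"));
    }

    // Assumed dummy credential for unknown users: same salt length and the
    // same hashing work as a real record, so an unknown user costs the same.
    private static final String FAKE_SALT = "0123456789abcdef";
    private static final String FAKE_RECORD = makeRecord(FAKE_SALT, "not-a-real-password");

    static String makeRecord(String salt, String password) {
        return salt + ":" + sha256Hex(salt + password);
    }

    static String storedSalt(String record) { return record.split(":", 2)[0]; }
    static String storedHash(String record) { return record.split(":", 2)[1]; }

    static String sha256Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] d = md.digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(d.length * 2);
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Assumed body of constantTimeEquals(): XOR-accumulate every byte instead
    // of returning at the first mismatch. The length check is fine here
    // because both sides are fixed-length hex digests of one algorithm.
    static boolean constantTimeEquals(String a, String b) {
        byte[] x = a.getBytes(StandardCharsets.US_ASCII);
        byte[] y = b.getBytes(StandardCharsets.US_ASCII);
        if (x.length != y.length) return false;
        int diff = 0;
        for (int i = 0; i < x.length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }

    // Before: && short-circuits. For an unknown user neither the hash nor the
    // comparison runs, so the failure returns measurably sooner.
    static boolean authenticateBefore(String user, String password) {
        String record = USERS.get(user);
        boolean realUser = record != null;
        return realUser && constantTimeEquals(storedHash(record), sha256Hex(storedSalt(record) + password));
    }

    // After: substitute the dummy record for an unknown user, always do the
    // hash and the comparison, then fold realUser in with a non-short-circuit
    // '&' so the comparison result is computed regardless of user existence.
    static boolean authenticateAfter(String user, String password) {
        String record = USERS.get(user);
        boolean realUser = record != null;
        if (!realUser) {
            record = FAKE_RECORD;   // only a lookup and an assignment differ from the real path
        }
        boolean match = constantTimeEquals(storedHash(record), sha256Hex(storedSalt(record) + password));
        return match & realUser;
    }

    // Crude measurement: average nanoseconds per attempt after JIT warm-up.
    static long avgNanos(Runnable r) {
        for (int i = 0; i < 5000; i++) r.run();
        int n = 50000;
        long t0 = System.nanoTime();
        for (int i = 0; i < n; i++) r.run();
        return (System.nanoTime() - t0) / n;
    }

    public static void main(String[] args) {
        System.out.println("alice/right  after:  " + authenticateAfter("alice", "correct horse"));
        System.out.println("alice/wrong  after:  " + authenticateAfter("alice", "wrong"));
        System.out.println("mallory      after:  " + authenticateAfter("mallory", "correct horse"));
        System.out.println("mallory      before: " + authenticateBefore("mallory", "correct horse"));
        for (String who : new String[] {"alice", "mallory"}) {
            System.out.printf("%-8s before=%dns  after=%dns%n", who,
                    avgNanos(() -> authenticateBefore(who, "wrong")),
                    avgNanos(() -> authenticateAfter(who, "wrong")));
        }
    }
}
```

Run with `javac ShortCircuitTimingDemo.java && java ShortCircuitTimingDemo`; the "before" column for the unknown user is the one that comes out far cheaper, because a SHA-256 plus the comparison is skipped. Reversing the operands as suggested in the review makes the comparison unconditional, but the hash computed as its second argument also needs a salt for an unknown user, which is what the dummy record supplies; without it the reversed expression has nothing to hash against. The remaining difference, a store lookup that hits versus one that misses, is outside what either fix addresses.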