#15627: check_password should use constant_time_compare instead of == to check passwords
---------------------------------------------+-----------------------
               Reporter:  hvdklauw           |        Owner:  nobody
                 Status:  closed             |    Milestone:  1.3
              Component:  Authentication     |      Version:  1.3-rc1
             Resolution:  fixed              |     Keywords:
           Triage Stage:  Ready for checkin  |    Has patch:  1
    Needs documentation:  0                  |  Needs tests:  0
Patch needs improvement:  0                  |
---------------------------------------------+-----------------------

Comment (by lukeplant):

 For the record, this code is not actually vulnerable to a timing-based
 attack, as neither of the strings compared by the '==' is user supplied,
 or can be controlled easily by the user.

 To actually attack this code using a timing attack, you would have to:

 1. Know the salt that was stored
 2. Generate a password that, when passed through `get_hexdigest(algo,
 salt, raw_password)` would produce a given prefix, e.g. 'a', 'aa', 'ab',
 'aab' etc. This is Hard - we store password hashes precisely because going
 from the hash (or part of the hash) to the string that generated it is
 difficult.
 3. In this way, control the RHS of the comparison, and by measuring
 timings eventually extract the hash (and therefore the password which you
 generated in step 2).

 But anyway.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15627#comment:3>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
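The comparison the ticket discusses, as an added example that is not the project's own code: `get_hexdigest`, the `algo$salt$hash` layout and `constant_time_compare` are modelled here for illustration (the digest construction, salt length and helper names are assumptions for this example, not taken from Django), with a naive `==` check beside the constant-time one, and a brute-force search that shows what step 2 above costs for a prefix of a given length.

```python
import hashlib
import os


def constant_time_compare(val1, val2):
    """Return val1 == val2, taking time that depends only on the length of the
    inputs, not on the position of the first differing character (which is
    what a plain '==' leaks when it returns at the first mismatch)."""
    if len(val1) != len(val2):
        return False
    result = 0
    for x, y in zip(val1.encode("utf-8"), val2.encode("utf-8")):
        result |= x ^ y
    return result == 0


def get_hexdigest(algorithm, salt, raw_password):
    """Hex digest of salt + password. Assumed for this example; only sha1 is
    wired up so the stored format below stays small."""
    if algorithm != "sha1":
        raise ValueError("unsupported algorithm in this example: %r" % algorithm)
    return hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()


def make_password(raw_password, salt=None):
    """Store as 'algo$salt$hexdigest' (assumed layout for this example)."""
    if salt is None:
        salt = os.urandom(6).hex()
    return "sha1$%s$%s" % (salt, get_hexdigest("sha1", salt, raw_password))


def check_password_naive(raw_password, enc_password):
    """The pattern the ticket objects to: '==' on the stored hash and the
    freshly computed one. Note that neither side is the attacker's raw input;
    the user-controlled string only enters after being hashed."""
    algo, salt, hsh = enc_password.split("$")
    return hsh == get_hexdigest(algo, salt, raw_password)


def check_password(raw_password, enc_password):
    """Same check with a length-only timing profile."""
    algo, salt, hsh = enc_password.split("$")
    return constant_time_compare(hsh, get_hexdigest(algo, salt, raw_password))


def find_password_with_prefix(salt, prefix, max_tries=100000):
    """Step 2 of the comment, made concrete: search for a password whose digest
    under a known salt starts with `prefix`. Returns (password, tries) or
    (None, tries). Expected work grows by 16x per extra hex character, which is
    why controlling the RHS of the comparison is the hard part of the attack."""
    for i in range(max_tries):
        candidate = "cand-%d" % i  # constructed candidates, not a wordlist
        if get_hexdigest("sha1", salt, candidate).startswith(prefix):
            return candidate, i + 1
    return None, max_tries


if __name__ == "__main__":
    stored = make_password("correct horse")
    print(stored)
    print(check_password("correct horse", stored), check_password("wrong", stored))
    for prefix in ("a", "ab", "abc"):
        pw, tries = find_password_with_prefix("1a2b3c", prefix)
        print("prefix %r: %s after %d tries" % (prefix, pw, tries))
```

The search is the practical check behind the comment's argument: with the salt known, each extra hex character of controlled prefix multiplies the expected number of hash evaluations by 16, so steering the compared value character by character is not a realistic lever, and the switch to `constant_time_compare` is defence in depth rather than the closing of a demonstrated hole.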
