I reported this last year as well with fixes, but the general consensus at the time was that it was not feasible:
http://groups.google.com/group/oauth/browse_thread/thread/a676f59fcbc9728b/37ba890b73bb8035

I agree that it is pretty easy to fix.

P

On Thu, Jul 15, 2010 at 12:14 AM, John Kristian <[email protected]> wrote:
> Thanks for the warning.
>
> I'd be happy to fix the Java code, but I'll need some guidance. The
> last time someone pointed out this attack, I attempted a defense; that
> is the signature validation functions call a function like the
> following (in OAuthSignatureMethod.java). I don't know how to improve
> on this.
>
>     public static boolean equals(byte[] a, byte[] b) {
>         if (a == null)
>             return b == null;
>         else if (b == null)
>             return false;
>         else if (b.length <= 0)
>             return a.length <= 0;
>         byte diff = (byte) ((a.length == b.length) ? 0 : 1);
>         int j = 0;
>         for (int i = 0; i < a.length; ++i) {
>             diff |= a[i] ^ b[j];
>             j = (j + 1) % b.length;
>         }
>         return diff == 0;
>     }
>
> On Jul 14, 5:30 am, taylor <[email protected]> wrote:
>> There is a timing vulnerability in the following functions/files:
>>
>> check_signature in file python/oauth/oauth.py
>> isValid in java/core/src/main/java/net/oauth/signature/HMAC_SHA1.java
>> equals in java/core/src/main/java/net/oauth/OAuth.java
>> check_signature in php/OAuth.php
>> verify in ruby/oauth/oauth/signature/base.rb
>>
>> There may be additional timing vulnerabilities present in OAuth,
>> especially in implementations for other languages.
>>
>> The ==, !=, and Arrays.equals functions terminate early, allowing an
>> attacker to
>> incrementally guess the correct HMAC for an arbitrary message by
>> repeatedly sending a bogus message with a given HMAC and measuring how
>> long it takes for the server to terminate the connection. Since the
>> comparison takes longer the more bytes an attacker gets correct, this
>> allows a client to forge messages with arbitrary contents that will be
>> accepted as valid by the server.
>>
>> The fix is simple -- implement a function that is timing-independent
>> for comparing secret values.
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/oauth?hl=en.
>
>

--
http://agree2.com - Reach Agreement!
http://stakeventures.com - My blog about startups and agile banking
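The difference between an early-exit comparison and a timing-independent one, as an added example that is not part of the original thread or of any OAuth library's code. It counts bytes examined as a stand-in for elapsed time; the key, base string and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread or any real deployment).
KEY = b"constructed-consumer-secret&constructed-token-secret"
BASE = b"GET&http%3A%2F%2Fexample.test%2Fresource&oauth_nonce%3Dconstructed"

def sign(key, base_string):
    """HMAC-SHA1 over the signature base string, as raw bytes."""
    return hmac.new(key, base_string, hashlib.sha1).digest()

def early_exit_equals(a, b):
    """Behaves like == / Arrays.equals: returns at the first mismatch.
    Second return value = bytes examined, a stand-in for elapsed time."""
    if len(a) != len(b):
        return False, 0
    for i in range(len(a)):
        if a[i] != b[i]:
            return False, i + 1
    return True, len(a)

def constant_time_equals(a, b):
    """Accumulates differences with OR and never returns early."""
    diff = len(a) ^ len(b)
    examined = 0
    for x, y in zip(a, b):
        diff |= x ^ y
        examined += 1
    return diff == 0, examined

def work_profile(compare, expected):
    """Bytes examined when the first mismatch is at position 0, 1, 2, ..."""
    profile = []
    for n in range(len(expected)):
        presented = bytearray(expected)
        presented[n] ^= 0xFF              # force a mismatch at position n
        profile.append(compare(expected, bytes(presented))[1])
    return profile

def verify(key, base_string, presented):
    """What a server should do: library constant-time comparison."""
    return hmac.compare_digest(sign(key, base_string), presented)

EXPECTED = sign(KEY, BASE)

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equals, EXPECTED))
    print("constant time:", work_profile(constant_time_equals, EXPECTED))
    print("valid accepted:", verify(KEY, BASE, EXPECTED))
```

The early-exit profile grows with the length of the matching prefix, while the constant-time profile is flat, which is the property the comparison of secret values needs.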
