Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Secure string compare function

Tags:

I just came across this code in the HTTP Auth library of the Zend Framework. It seems to be using a special string compare function to make it more secure. However, I don't quite understand the comments. Could anybody explain why this function is more secure than doing $a == $b?

/**  * Securely compare two strings for equality while avoided C level memcmp()  * optimisations capable of leaking timing information useful to an attacker  * attempting to iteratively guess the unknown string (e.g. password) being  * compared against.  *  * @param string $a  * @param string $b  * @return bool  */ protected function _secureStringCompare($a, $b) {     if (strlen($a) !== strlen($b)) {         return false;     }     $result = 0;     for ($i = 0; $i < strlen($a); $i++) {         $result |= ord($a[$i]) ^ ord($b[$i]);     }     return $result == 0; } 
like image 392
laurent Avatar asked May 14 '12 02:05

laurent


People also ask

Can we use == for string comparison?

You should not use == (equality operator) to compare these strings because they compare the reference of the string, i.e. whether they are the same object or not. On the other hand, equals() method compares whether the value of the strings is equal, and not the object itself.

What is the function of string compare?

The function strcmp() is a built-in library function and it is declared in “string. h” header file. This function is used to compare the string arguments. It compares strings lexicographically which means it compares both the strings character by character.

What is a secure string?

SecureString is a string type that provides a measure of security. It tries to avoid storing potentially sensitive strings in process memory as plain text.


1 Answers

It looks like they're trying to prevent timing attacks.

In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.

Basically, if it takes a different amount of time to compare a correct password and an incorrect password, then you can use the timing to figure out how many characters of the password you've guessed correctly.

Consider an extremely flawed string comparison (this is basically the normal string equality function, with an obvious wait added):

function compare(a, b) {     if(len(a) !== len(b)) {          return false;     }     for(i = 0; i < len(a); ++i) {         if(a[i] !== b[i]) {             return false;         }         wait(10); // wait 10 ms     }     return true; } 

Say you give a password and it (consistently) takes some amount of time for one password, and about 10 ms longer for another. What does this tell you? It means the second password has one more character correct than the first one.

This lets you do movie hacking -- where you guess a password one character at a time (which is much easier than guessing every single possible password).

In the real world, there's other factors involved, so you have to try a password many, many times to handle the randomness of the real world, but you can still try every one character password until one is obviously taking longer, then start on two character password, and so on.

This function still has a minor problem here:

if(strlen($a) !== strlen($b)) {      return false; } 

It lets you use timing attacks to figure out the correct length of the password, which lets you not bother guessing any shorter or longer passwords. In general, you want to hash your passwords first (which will create equal-length strings), so I'm guessing they didn't consider it to be a problem.

like image 132
Brendan Long Avatar answered Sep 23 '22 09:09

Brendan Long