Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

what is the purpose of safe_string_cmp?

Tags:

werkzeug

New to Flask and was going through a course that describes how to make a REST API.

Author of the course suggested using safe_str_cmp from werkzeug.security in the authentication chapter.

I'd appreciate if someone could help understand what is the purpose of that function and when/why it should be used.

like image 961
Rotkiv Avatar asked Dec 01 '19 23:12

Rotkiv

1 Answers

The obvious algorithm to test for string equality is something like this:

def strings_equal(s1, s2):
    if len(s1) != len(s2):
        return False
    for i in range(len(s1)):
        if s1[i] != s2[i]:
            return False
    return True

However, there is a subtle problem with using this algorithm to compare password hashes. The return from inside the loop makes the algorithm faster when the two strings have different characters near the beginning, and slower when they have the same characters near the beginning.

This makes the comparison vulnerable to a timing attack; by trying a password with a known hash and measuring the average time it takes for the password to be rejected, it is possible for the attacker to statistically determine how many of the same characters there are at the beginnings of both hashes. By trying a sequence of different hashes to successively discover one or two bytes of the real password hash at a time, the attacker can deduce a large portion of it, and then attempt to crack it locally.

The secure string comparison algorithm might look something like this:

# warning: example only! this hasn't been proven secure!
# don't use in real code!

def strings_equal(s1, s2):
    if len(s1) != len(s2):
        return False
    result = True
    for i in range(len(s1)):
        # use & for non-short-circuiting
        result = result & (s1[i] == s2[i])
    return result

Since all password hashes using the same hashing algorithm should have the same length, this comparison ideally should always take the same amount of time to compare two hashes, preventing a timing attack. More generally, you should use a secure string comparison function any time you are comparing user input with any secret string.

like image 137
kaya3 Avatar answered Sep 16 '22 15:09

kaya3
Sign in to Comment

Related questions

Custom abort mapping/exceptions in Flask
What is the best practice for changing headers in a Flask request?
how to store binary file recieved by Flask into postgres
Url structure and form posts with Flask
Match an arbitrary path, or the empty string, without adding multiple Flask route decorators
cannot import name 'secure_filename' from 'werkzeug'
How to validate integer range in Flask routing (Werkzeug)?
Is there a way to get the value of nested dict in Immutabledict sent via request of werkzeug(flask)?
Parse X-Forwarded-For to get ip with werkzeug on Heroku
Capture a list of integers with a Flask route
Redirecting an old URL to a new one with Flask micro-framework
Detecting whether a Flask app handles a URL
Why does Flask use port 5000 locally and 80 when deployed?
Are there objects for which it is impossible to create a deep copy?
flask application timeout with amazon load balancer
werkzeug generate_password_hash, is there any point?
Flask - Get the name of an uploaded file minus the file extension
How can I securely pass an arbitrarily deep path to a webapp (Flask, in this case)?
Flask app wrapped with DispatcherMiddleware no longer has test_client
Flask - headers are not converted to unicode?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!