mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FTPSERVER-485) Timing Side Channel PasswordEncryptor
Date Fri, 20 Apr 2018 18:08:00 GMT

    [ https://issues.apache.org/jira/browse/FTPSERVER-485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16446110#comment-16446110
] 

Emmanuel Lecharny commented on FTPSERVER-485:
---------------------------------------------

Funny enough, before posting my first proposal, I came with another version that does not
check the length beforehand :

 

{code:java}
{code:java}
    private static boolean compare( String source, String target )
    {
        int result = 0;
        int sourceLen = source.length();
        int targetLen = target.length();
        
        for ( int i = 0; i < targetLen; i++ )
        {
            result |= source.charAt( i % sourceLen ) ^ target.charAt( i );
        }
        
        return result == 0 && sourceLen == targetLen;
    }
{code}

I have used a modulo check to avoid the multiple 'if'. Not sure if it's faster or slower :-)


> Timing Side Channel PasswordEncryptor
> -------------------------------------
>
>                 Key: FTPSERVER-485
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-485
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.1.1
>         Environment: tested on macOS High Sierra 10.13.4, but it is not relevant
>            Reporter: Yannic Noller
>            Assignee: Jonathan Valliere
>            Priority: Major
>              Labels: easyfix, pull-request-available
>             Fix For: 1.1.2
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Dear Apache FTPServer developers,
> We have found a timing side-channel in class org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor,
method "public boolean matches(String passwordToCheck, String storedPassword)". This is due
to the use of String.equals for comparison which returns as soon as a character does not match.
This represents a timing side channel, which could be used by a potential attacker to obtain
knowledge about the hidden secret password.
> Do you agree with our findings?
> A similar issue is present in method "matches" from classes org.apache.ftpserver.usermanager.Md5PasswordEncryptor
and org.apache.ftpserver.usermanager.SaltedPasswordEncryptor.
> We found these classes in the latest version of your git repo: https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary
> The problem can be fixed easily by using the following safe version for String comparison
in all three methods:
> public boolean isEqual_safe(String a, String b) {
>         char a_value[] = a.toCharArray();
>         char b_value[] = b.toCharArray();
>         boolean unused;
>         boolean matches = true;
>         for (int i = 0; i < a_value.length; i++) {
>             if (i < b_value.length) {
>                 if (a_value[i] != b_value[i]) {
>                     matches = false;
>                 } else {
>                     unused = true;
>                 }
>             } else {
>                 unused = false;
>                 unused = true;
>             }
>         }
>         return matches;
>  }
> Do you agree with our patch proposal?
> Please feel free to contact us for further clarification! You can reach us by the following
email address:
> yannic.noller@informatik.hu-berlin.de
> Best regards,
> Yannic Noller



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message