-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SRP: Use constant time comparisons of secrets #19
Comments
Ah. I didn't see that the readme explicitly says this doesn't do constant time comparisons. |
And so closing. |
I will reopen this issue, as it's quite easy to fix by using |
There's no strong reason to not use a constant-time comparison, but:
I think PAKEs in general are safer against timing attacks because all the secrets tend to be single-use. |
warner
changed the title
Use constant time comparisons of secrets
SRP: Use constant time comparisons of secrets
Aug 8, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In
srp/src/server.rs
for example, we seewhere the types are byte slices,
&[u8]
. I suspect that the same kind of thing appears throughout the code (although I haven't checked).That will result in a non-constant time comparison, and expose this to timing attacks.
I am new to Rust, so take my suggestion with a large grain of salt. It seems that if we create a trait for secrets and then implement comparison tests for that trait with constant time checks, we could use Rust's type system to enforce that we always have constant time comparisons.
The text was updated successfully, but these errors were encountered: