Details
- Type: Bug
- Status: Resolved
- Priority: Trivial
- Resolution: Resolved
- Affects Version/s: 1.2.2
- Fix Version/s: None
- Environment: Mac OS X 10.8.3, Java 1.6.0_51
Description
Use of the String equals comparison for the password hash comparison could leak timing information, since it returns false as soon as a character does not match.

    DefaultPasswordService>>passwordsMatch(Object submittedPlaintext, String saved)

Last line is:

    return saved.equals(formatted); // saved and formatted are strings

A possible constant-time equals could be:
    // requires: import java.nio.charset.Charset;
    private boolean constantEquals(String s1, String s2)
    {
        /*
         * Alternative option (simpler but I'm not sure about the intern 'cost'):
         * s1.intern();
         * s2.intern();
         * s1 == s2
         */
        int result = 0;
        // Use an explicit charset so both sides are encoded the same way on every platform.
        byte[] a = s1.getBytes(Charset.forName("UTF-8"));
        byte[] b = s2.getBytes(Charset.forName("UTF-8"));
        // Also leaks timing information (the length) but probably ok...
        if (a.length != b.length)
        {
            return false;
        }
        /*
         * XOR each byte. If each byte is the
         * same the XOR will result in 0.
         */
        for (int i = 0; i < a.length; i++)
        {
            result |= a[i] ^ b[i];
        }
        return result == 0;
    }
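The following is an added, self-contained Java example, not code from this issue's reporter or from the project. It puts the early-exit comparison that causes the leak side by side with a constant-time variant that goes one step beyond the snippet above: instead of returning early on a length mismatch, it folds the length difference into the result and always does one loop iteration per byte of the stored value. The class and method names (ConstantTimeCompareDemo, earlyExitEquals, constantTimeEquals, passwordsMatch) and the sample strings in main are assumptions constructed for the demo; the strings are placeholders, not real password hashes.

```java
import java.nio.charset.Charset;

public class ConstantTimeCompareDemo {

    // Explicit charset so both sides are encoded identically regardless of platform default.
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /**
     * Early-exit comparison, equivalent in behaviour to String.equals():
     * the time taken depends on where the first mismatching byte is.
     */
    static boolean earlyExitEquals(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;
        }
        for (int i = 0; i < a.length; i++) {
            if (a[i] != b[i]) {
                return false; // leaks the position of the first mismatch
            }
        }
        return true;
    }

    /**
     * Constant-time comparison. The loop always runs once per byte of
     * `expected` (the stored hash) and never exits early. A length
     * mismatch is XOR-ed into `result` instead of returning; in that case
     * `expected` is compared against itself so the per-byte work is the
     * same and no out-of-bounds index can occur.
     */
    static boolean constantTimeEquals(byte[] expected, byte[] submitted) {
        int result = expected.length ^ submitted.length;
        byte[] other = (expected.length == submitted.length) ? submitted : expected;
        for (int i = 0; i < expected.length; i++) {
            result |= expected[i] ^ other[i];
        }
        return result == 0;
    }

    /**
     * Hypothetical drop-in for the `saved.equals(formatted)` line from the issue:
     * compare the formatted hash of the submitted password with the stored one.
     */
    static boolean passwordsMatch(String formatted, String saved) {
        return constantTimeEquals(saved.getBytes(UTF8), formatted.getBytes(UTF8));
    }

    public static void main(String[] args) {
        // Constructed placeholder values; in real use these are formatted hash strings.
        String saved = "stored-hash-placeholder";
        boolean match = passwordsMatch("stored-hash-placeholder", saved);
        boolean lastByteWrong = passwordsMatch("stored-hash-placeholdeX", saved);
        boolean lengthWrong = passwordsMatch("stored", saved);
        boolean longerWrong = passwordsMatch("stored-hash-placeholder-extra", saved);

        if (!match || lastByteWrong || lengthWrong || longerWrong) {
            throw new AssertionError("constantTimeEquals gives a wrong answer");
        }
        // Both implementations agree on the answer; only their timing profile differs.
        System.out.println("match=" + match
                + " lastByteWrong=" + lastByteWrong
                + " lengthWrong=" + lengthWrong
                + " longerWrong=" + longerWrong);
    }
}
```

The comparison is driven by the length of the stored hash rather than the submitted value, so the attacker-controlled input does not change the amount of work done. The JDK also ships java.security.MessageDigest.isEqual(byte[], byte[]) for this purpose; early Java 6 builds of that method returned on the first mismatch, so confirm the behaviour of the JDK in use before relying on it instead of a local helper.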