mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Valliere (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FTPSERVER-485) Timing Side Channel PasswordEncryptor
Date Fri, 20 Apr 2018 19:22:00 GMT

    [ https://issues.apache.org/jira/browse/FTPSERVER-485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16446238#comment-16446238
] 

Jonathan Valliere commented on FTPSERVER-485:
---------------------------------------------

{quote}
and after this comment I'm going to be one week off my computer
{quote}
Have fun!

{quote}
 Ideally speaking, it would be worthy to pad the target so that the password has always the
same length (like, 1024 chars). This is the only way to be sure we won't have leakage
{quote}

hehe, modulo both the input and target lengths up to 1024 cycles then limit all password lengths
to 1024 characters

> Timing Side Channel PasswordEncryptor
> -------------------------------------
>
>                 Key: FTPSERVER-485
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-485
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.1.1
>         Environment: tested on macOS High Sierra 10.13.4, but it is not relevant
>            Reporter: Yannic Noller
>            Assignee: Jonathan Valliere
>            Priority: Major
>              Labels: easyfix, pull-request-available
>             Fix For: 1.1.2
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Dear Apache FTPServer developers,
> We have found a timing side-channel in class org.apache.ftpserver.usermanager.ClearTextPasswordEncryptor,
method "public boolean matches(String passwordToCheck, String storedPassword)". This is due
to the use of String.equals for comparison which returns as soon as a character does not match.
This represents a timing side channel, which could be used by a potential attacker to obtain
knowledge about the hidden secret password.
> Do you agree with our findings?
> A similar issue is present in method "matches" from classes org.apache.ftpserver.usermanager.Md5PasswordEncryptor
and org.apache.ftpserver.usermanager.SaltedPasswordEncryptor.
> We found these classes in the latest version of your git repo: https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary
> The problem can be fixed easily by using the following safe version for String comparison
in all three methods:
> public boolean isEqual_safe(String a, String b) {
>         char a_value[] = a.toCharArray();
>         char b_value[] = b.toCharArray();
>         boolean unused;
>         boolean matches = true;
>         for (int i = 0; i < a_value.length; i++) {
>             if (i < b_value.length) {
>                 if (a_value[i] != b_value[i]) {
>                     matches = false;
>                 } else {
>                     unused = true;
>                 }
>             } else {
>                 unused = false;
>                 unused = true;
>             }
>         }
>         return matches;
>  }
> Do you agree with our patch proposal?
> Please feel free to contact us for further clarification! You can reach us by the following
email address:
> yannic.noller@informatik.hu-berlin.de
> Best regards,
> Yannic Noller



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message