Re: [dev] [ubase] [PATCH 2/2] su: use "constant time" memcmp to compare password

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Dimitris Papastamos <sin_AT_2f30.org>
Date: Wed, 30 Apr 2014 10:32:26 +0100

On Wed, Apr 30, 2014 at 12:24:29AM +0200, Jakob Kramer wrote:

> static void
> usage(void)
> _AT_@ -86,7 +87,7 @@ main(int argc, char *argv[])
> if (!cryptpass)
> eprintf("crypt:");
>
> - if (strcmp(cryptpass, spw->sp_pwdp) != 0)
> + if (passcmp(cryptpass, spw->sp_pwdp, strlen(cryptpass)) != 0)
> eprintf(randreply());

Assuming the provided plaintext password is very close to the correct
password, isn't crypt() expected to do a good job and distribute the
cryptpass in such way to make it dissimilar to the encrypted password?

In other words, the lack of "randomness" in the source should not propagate
to the destination/outcome.

If this is not the case and it is possible to do a timing-attack here then
I am going to apply the patch.

Thoughts?
Received on Wed Apr 30 2014 - 11:32:26 CEST

This archive was generated by hypermail 2.3.0 : Wed Apr 30 2014 - 11:36:06 CEST