What's the difference between a secure compare and a simple ==(=)


Problem description

GitHub's "Securing your webhooks" page says:


Using a plain == operator is not advised. A method like secure_compare performs a "constant time" string comparison, which renders it safe from certain timing attacks against regular equality operators.

When comparing passwords I use bcrypt.compare('string', 'computed hash').


What makes this a "secure compare" and can I do this using the standard crypto library in Node?

Recommended answer


The point of a "constant time" string comparison is that the comparison will take the exact same amount of time no matter what the comparison target is (the unknown value). This "constant time" reveals no information to an attacker about what the unknown target value might be. The usual solution is that all characters are compared, even after a mismatch is found so no matter where a mismatch is found, the comparison runs in the same amount of time.


Other forms of comparison might return an answer in a shorter time when certain conditions are true which allows an attacker to learn what they might be missing. For example, in a typical string comparison, the comparison will return false as soon as an unequal character is found. If the first character does not match, then the comparison will return in a shorter amount of time than if it does. A diligent attacker can use this information to make a smarter brute force attack.


A "constant time" comparison eliminates this extra information because no matter how the two strings are unequal, the function will return its value in the same amount of time.


In looking at the nodejs v4 crypto library, I don't see any signs of a function to do constant time comparison and per this post, there is a discussion about the fact that the nodejs crypto library is missing this functionality.


Node v6 now has crypto.timingSafeEqual(a, b).

The buffer-equal-constant-time module.
