What's the difference between a secure compare and a simple ==(=)


Problem description

Github's securing webhooks page says:

Using a plain == operator is not advised. A method like secure_compare performs a "constant time" string comparison, which renders it safe from certain timing attacks against regular equality operators.

I use bcrypt.compare('string', 'computed hash') when comparing passwords.

What makes this a "secure compare" and can I do this using the standard crypto library in Node?

Recommended answer

The point of a "constant time" string comparison is that the comparison will take the exact same amount of time no matter what the comparison target is (the unknown value). This "constant time" reveals no information to an attacker about what the unknown target value might be. The usual solution is that all characters are compared, even after a mismatch is found, so no matter where a mismatch is found, the comparison runs in the same amount of time.

Other forms of comparison might return an answer in a shorter time when certain conditions are true, which allows an attacker to learn what they might be missing. For example, in a typical string comparison, the comparison will return false as soon as an unequal character is found. If the first character does not match, then the comparison will return in a shorter amount of time than if it does. A diligent attacker can use this information to make a smarter brute force attack.

A "constant time" comparison eliminates this extra information because no matter how the two strings are unequal, the function will return its value in the same amount of time.

In looking at the nodejs v4 crypto library, I don't see any signs of a function to do constant time comparison, and per this post there is a discussion about the fact that the nodejs crypto library is missing this functionality.

Node v6 now has crypto.timingSafeEqual(a, b).

There is also such a constant time comparison function in the buffer-equal-constant-time module.
