Page MenuHomePhabricator

Don't use "phutil_hashes_are_identical()" to compare public keys
ClosedPublic

Authored by epriestley on Oct 29 2019, 1:31 AM.

Details

Summary

Ref T13436. There's no real security value to doing this comparison, it just wards off evil "security researchers" who get upset if you ever compare two strings with a non-constant-time algorithm.

In practice, SSH public keys are pretty long, pretty public, and have pretty similar lengths. This leads to a relatively large amount of work to do constant-time comparisons on them (we frequently can't abort early after identifying differing string length).

Test Plan

Ran bin/ssh-auth --sshd-key ... on secure with ~1K keys, saw runtime drop by ~50% (~400ms to ~200ms) with ===.

Diff Detail

Repository
rP Phabricator
Branch
ssh-auth-3
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 23593
Build 32429: Run Core Tests
Build 32428: arc lint + arc unit

Event Timeline

epriestley created this revision.Oct 29 2019, 1:31 AM
This revision was not accepted when it landed; it landed in state Needs Review.Oct 29 2019, 1:32 AM
epriestley requested review of this revision.
This revision was automatically updated to reflect the committed changes.
leoluk added a subscriber: leoluk.