Don't use "phutil_hashes_are_identical()" to compare public keys

Authored by epriestley on Oct 29 2019, 1:28 AM.


Don't use "phutil_hashes_are_identical()" to compare public keys

Ref T13436. There's no real security value to doing this comparison, it just wards off evil "security researchers" who get upset if you ever compare two strings with a non-constant-time algorithm.

In practice, SSH public keys are pretty long, pretty public, and have pretty similar lengths. This leads to a relatively large amount of work to do constant-time comparisons on them (we frequently can't abort early after identifying differing string length).

Test Plan: Ran bin/ssh-auth --sshd-key ... on secure with ~1K keys, saw runtime drop by ~50% (~400ms to ~200ms) with ===.

Maniphest Tasks: T13436

Differential Revision: https://secure.phabricator.com/D20875