Is bcrypt.compare vulnerable to timing attack
In Node.js web development I saw it as a common practice to use bcrypt for hashing and comparison of passwords. Is bcrypt.compare vulnerable to timing attack?
Original post:
It depends on the implementation of the bcrypt module you're using. bcrypt itself is just a key derivation function and does not indicate how comparison should be done. In theory, a bcrypt.compare function that compared hashes with a naive string === comparison could leak information about the hash.
However, assuming you're referring to the most widely used bcrypt module for Node.js, the bcrypt.compare function is implemented using a timing safe CompareStrings function. This function always compares all characters in the hash before breaking, which prevents it from revealing where/when the comparison failed.
Important update:
The bcrypt.compare function linked above is no longer timing safe, however this has been discussed in various places (for example here and here) and the consensus seems to be that this doesn't matter because bcrypt itself is not vulnerable to timing attacks:
One of the desired properties of a cryptographic hash function is preimage attack resistance, which means there is no shortcut for generating a message which, when hashed, produces a specific digest.
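The two comparison styles the answer contrasts, as an added example that is not part of the original post and not the bcrypt module's own code: an early-exit check, a full-length check that visits every character, and the same check done with Node's built-in crypto.timingSafeEqual. The function names and the hash strings are constructed for illustration, and the count of characters examined is used as a deterministic stand-in for elapsed time.

```javascript
// Added example; not code from the bcrypt module. All hash strings are constructed.
const { timingSafeEqual } = require('node:crypto');

// Naive comparison: stops at the first mismatch. `examined` counts the
// characters looked at, a deterministic stand-in for elapsed time.
function earlyExitCompare(a, b) {
  if (a.length !== b.length) return { equal: false, examined: 0 };
  for (let i = 0; i < a.length; i++) {
    if (a.charCodeAt(i) !== b.charCodeAt(i)) return { equal: false, examined: i + 1 };
  }
  return { equal: true, examined: a.length };
}

// Full-length comparison in the style the answer describes: every character
// is visited and differences are OR-ed into an accumulator, so the work done
// does not depend on where the first mismatch sits.
function fullLengthCompare(a, b) {
  if (a.length !== b.length) return { equal: false, examined: 0 };
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return { equal: diff === 0, examined: a.length };
}

// The same check with Node's built-in primitive. timingSafeEqual throws on
// unequal lengths, so the length is checked first (hash length is not secret).
function builtinCompare(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  return x.length === y.length && timingSafeEqual(x, y);
}

// Constructed 60-character strings in bcrypt's "$2b$<cost>$<salt><hash>" layout.
const stored = '$2b$10$' + 'A'.repeat(22) + 'B'.repeat(31);
const mismatchEarly = '$2b$10$' + 'A'.repeat(22) + 'X' + 'B'.repeat(30);
const mismatchLate = '$2b$10$' + 'A'.repeat(22) + 'B'.repeat(30) + 'X';

// Work done by each comparison for a mismatch near the start of the hash
// portion versus a mismatch in the final character.
function demo() {
  return {
    early: [earlyExitCompare(stored, mismatchEarly).examined,
            earlyExitCompare(stored, mismatchLate).examined],
    full: [fullLengthCompare(stored, mismatchEarly).examined,
           fullLengthCompare(stored, mismatchLate).examined],
  };
}
console.log(demo());
```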