bcrypt.compare 是否容易受到时序攻击
[英]Is bcrypt.compare vulnerable to timing attack
问题描述
In Node.js web development I saw it as a common practice to use bcrypt for hashing and comparison of password.
在 Node.js Web 开发中,我认为使用bcrypt进行散列和密码比较是一种常见做法。 Is bcrypt.compare vulnerable to timing attack ? bcrypt.compare容易受到定时攻击吗?
1 个解决方案
解决方案1
5 2016-03-21 15:59:59
Original post:原帖:
It depends on the implementation of the bcrypt module you're using.这取决于您使用的 bcrypt 模块的实现。 bcrypt itself is just a key derivation function and does not indicate how comparison should be done. bcrypt 本身只是一个密钥推导函数,并不表示应该如何进行比较。 In theory, a bcrypt.compare function that compared hashes with a naive string === comparison could leak information about the hash.理论上,将哈希值与简单字符串===比较的bcrypt.compare函数可能会泄露有关哈希值的信息。
However, assuming you're referring to the most widely used bcrypt module for Node.js, the bcrypt.compare function is implemented using a timing safe CompareStrings function.但是,假设您指的是 Node.js 中使用最广泛的bcrypt模块,则bcrypt.compare函数是使用时序安全的CompareStrings函数实现的。 This function always compares all characters in the hash before breaking, which prevents it from revealing where/when the comparison failed.此函数总是在中断之前比较散列中的所有字符,从而防止它显示比较失败的位置/时间。
Important update:重要更新:
The bcrypt.compare function liked above is no longer timing safe, however this has been discussed in various places (for example here and here ) and the consensus seems to be that this doesn't matter because bcrypt itself is not vulnerable to timing attacks:上面喜欢的 bcrypt.compare 函数不再是时间安全的,但是这已经在很多地方讨论过(例如这里和这里)并且共识似乎是这并不重要,因为 bcrypt 本身不容易受到时间攻击:
One of the desired properties of a cryptographic hash function is preimage attack resistance, which means there is no shortcut for generating a message which, when hashed, produces a specific digest.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.