In Node.js web development I saw it as a common practice to use bcrypt
for hashing and comparison of password. Is bcrypt.compare
vulnerable to timing attack ?
Original post:
It depends on the implementation of the bcrypt module you're using. bcrypt itself is just a key derivation function and does not indicate how comparison should be done. In theory, a bcrypt.compare
function that compared hashes with a naive string ===
comparison could leak information about the hash.
However, assuming you're referring to the most widely used bcrypt
module for Node.js, the bcrypt.compare
function is implemented using a timing safe CompareStrings
function. This function always compares all characters in the hash before breaking, which prevents it from revealing where/when the comparison failed.
Important update:
The bcrypt.compare function liked above is no longer timing safe, however this has been discussed in various places (for example here and here ) and the consensus seems to be that this doesn't matter because bcrypt itself is not vulnerable to timing attacks:
One of the desired properties of a cryptographic hash function is preimage attack resistance, which means there is no shortcut for generating a message which, when hashed, produces a specific digest.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.