Hello internals,

I submitted this PR a long time ago: https://github.com/php/php-src/pull/792

I still think it's a good idea to mitigate the length leak (rather than returning immediately if strings are not of the same length) while advertising in docs that the length will leak in any case.

php.net doc has been fixed, but - for instance - this is not the case for the Symfony doc: http://symfony.com/doc/current/components/security/secure_tools.html (this method internally uses hash_equals; I've just submitted a PR to fix this doc, but I'm sure there are a lot of other misuses in the wild).

To summarize: a theoretical (especially for web apps, more annoying for CLI apps) and advertised leak is better than a big undocumented leak.

Can you merge this PR?

2014-08-31 12:59 GMT+02:00 Kévin Dunglas <dung...@gmail.com>:

> Hi,
>
> I've submitted a PR to make the hash_equals function leak less information
> about compared strings' lengths (benchmark and use cases available in
> comments): https://github.com/php/php-src/pull/792
>
> Trying to hide length is needed to replace Symfony and Joomla PHP
> implementations by hash_equals (when available).
>
> The idea:
> - clearly advertise in the documentation that this function can potentially
> leak lengths
> - Try to make it harder for an attacker by using a more robust implementation.
>
> If there is an agreement to use this kind of implementation, I'll
> rework the PR to use some tricks from the CPython one (
> https://github.com/python/cpython/blob/c7688b44387d116522ff53c0927169db45969f0e/Modules/_operator.c#L175
> - use of volatile and no modulo).
>
> Best regards,
> --
> Kévin Dunglas
>
> http://dunglas.fr
>

--
Kévin Dunglas
Freelance consultant and developer
http://dunglas.fr
Tel.: 06 60 91 20 20