Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security vulnerability: timing attack #6

Closed
coolaj86 opened this issue Aug 3, 2023 · 2 comments
Closed

Security vulnerability: timing attack #6

coolaj86 opened this issue Aug 3, 2023 · 2 comments
Labels

Comments

@coolaj86
Copy link
Contributor

coolaj86 commented Aug 3, 2023

Checking the signature with == allows an attacker to compare timing results between attempts, walking the prefix of the signature until the whole signature is found.

return expectedSignature === this.sign(requestBody)

Using a plain == operator is not advised. A method like secure_compare performs a "constant time" string comparison, which helps mitigate certain timing attacks against regular equality operators.

https://docs.github.com/en/webhooks-and-events/webhooks/securing-your-webhooks

Node provides crypto.timingSafeEqual(a, b).

A runtime-agnostic alternative would be to loop over the string like so:

function verify(a ,b) {
  let count = _verify(a, b,);
  let same = count === 0;
  return same;
}

function _verify(a, b) {
  let count = 0;
  for (let i = 0; i < a.length; i += 1) {
    if (a[i] !== b[i]) {
      count += 1;
    }
  }

  return count;
}

There's a possibility that with a pure JavaScript implementation the JIT optimizer will still detect the early return path, causing the timing vulnerability to still exist. That's why I use a count rather than a simple boolean, and run the compare in a separate function. If the optimizer sees that it needs to return the value of count, it should be less likely to short circuit the loop.

@compwright compwright added the bug label Aug 3, 2023
@compwright
Copy link
Owner

@coolaj86 thanks for reporting. I'd welcome a pull request on this.

compwright pushed a commit that referenced this issue Oct 1, 2023
@G-Rath
Copy link

G-Rath commented Jan 20, 2024

@compwright since this is a security vulnerability, I'd recommend publishing a security advisory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants