Re: httpd - side channel attack - timing of digest comparisons

2015-05-28 Thread Dirk-Willem van Gulik
> On 28 May 2015, at 17:24, Dirk-Willem van Gulik wrote: > > >> On 28 May 2015, at 17:03, William A Rowe Jr > > wrote: >> >> >> On May 26, 2015 10:31 AM, "Dirk-Willem van Gulik" > > wrote: >> > >> > >> > > On 26 May 2015, at 17:22, Dirk

Re: httpd - side channel attack - timing of digest comparisons

2015-05-28 Thread Dirk-Willem van Gulik
> On 28 May 2015, at 17:03, William A Rowe Jr wrote: > > > On May 26, 2015 10:31 AM, "Dirk-Willem van Gulik" > wrote: > > > > > > > On 26 May 2015, at 17:22, Dirk-Willem van Gulik > > > wrote: > > .. > > > So I think that what is neede

Re: httpd - side channel attack - timing of digest comparisons

2015-05-28 Thread William A Rowe Jr
On May 26, 2015 10:31 AM, "Dirk-Willem van Gulik" wrote: > > > > On 26 May 2015, at 17:22, Dirk-Willem van Gulik wrote: > .. > > So I think that what is needed are two (or three) functions > ... > > - A string comparison function; where at least one string is is under control of the attacker.

Re: httpd - side channel attack - timing of digest comparisons

2015-05-26 Thread Dirk-Willem van Gulik
> On 26 May 2015, at 17:22, Dirk-Willem van Gulik wrote: .. > So I think that what is needed are two (or three) functions ... > - A string comparison function; where at least one string is is under > control of the attacker. Now the issue here is that length is every easily revealed. So I c

Re: httpd - side channel attack - timing of digest comparisons

2015-05-26 Thread Dirk-Willem van Gulik
Folks, Did a scan through a fair bit of our code. mod_digest is not the only place; e.g. in basic auth; we are also not as careful in all cases as we could be. So I think that what is needed are two (or three) functions - A fairly mundane (binary) timing safe compare that compares two fi

Re: httpd - side channel attack - timing of digest comparisons

2015-05-21 Thread Dirk-Willem van Gulik
Very quick and dirty list of the most obvious places where we compare stuff. Currently trying to find some time to figure out if these are all vulnerable; or if it is just the two outer ones. Dw. Index: modules/aaa/mod_auth_digest.c ==

httpd - side channel attack - timing of digest comparisons

2015-05-21 Thread Dirk-Willem van Gulik
Folks, security@ got a notification of a potential side channel attack. The original message is below (sans details on the poster who wants to remain private). In short - we’re comparing the digest in mod-auth-digest in a manner that may reveal how much is actually correct; leading potentially