- Subject: Re: Time Invariant String Comparison
- From: "Pierre Chapuis" <catwell@...>
- Date: Thu, 16 Jan 2014 17:15:51 +0100
> On Thu, Jan 16, 2014 at 5:01 AM, Oliver Kroth <oliver.kroth@nec-i.de>
> wrote:
>> Why not use hashed passwords, which is a better idea anyway as this
>> takes a length-independent time, and you may store the credentials in
>> a safe way?
>
> This is the best solution to the problem. The hashing function has
> fixed-length output making the comparison immune to timing attacks,
> and its own execution time is based only on the length of the input
> and leaks no information about the real password.
+1. If you are storing passwords in cleartext, timing attacks should
be the least of your worries. Use a good hashing function instead,
like bcrypt [1], scrypt or PBKDF2. See [2] to understand why those
ones and not generic hashing functions.
[1] https://github.com/mikejsavage/lua-bcrypt
[2] http://codahale.com/how-to-safely-store-a-password/
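As an added illustration of the two points made in this thread (not code from the original post, and not part of lua-bcrypt), the following Python snippet puts an early-exit byte comparison next to a constant-time one and next to the recommended approach of hashing with a salted, slow KDF (PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt here) and comparing the fixed-length digests. The early-exit comparison reports how many bytes it examined instead of measuring wall-clock time, so the leak is visible deterministically. The iteration count, salt length and the sample passwords are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed illustrative work factor; tune to your hardware and threat model.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def naive_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Byte-by-byte comparison that stops at the first mismatch.

    Returns (equal, bytes_examined). The second value stands in for
    elapsed time: it grows with the length of the matching prefix, which
    is exactly what a remote attacker tries to measure.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Compare every byte and accumulate the differences; no early exit.

    Work done depends only on the length, not on where the inputs differ.
    (hmac.compare_digest does the same job in the standard library.)
    """
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Derive a fixed-length digest from the password with a random salt.

    Storing (salt, digest) instead of the cleartext means a later
    comparison only ever sees 32-byte digests, whatever the password was.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-derive with the stored salt and compare digests in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    secret = b"hunter2!"
    # Constructed guesses: same length, mismatch at byte 0 and at byte 6.
    for guess in (b"xunter2!", b"hunter3!", b"hunter2!"):
        print(guess, "naive:", naive_equal(secret, guess),
              "constant-time:", constant_time_equal(secret, guess))

    salt, digest = hash_password("hunter2!")
    print("verify correct:", verify_password("hunter2!", salt, digest))
    print("verify wrong:  ", verify_password("hunter3!", salt, digest))
```

The printed byte counts for the naive comparison (1, 7, 8) show how a matching prefix changes the amount of work; the constant-time version and the digest comparison do the same work on every call. Note that even a naive comparison of digests would only leak the digest prefix, not the password's prefix, which is the point made in the quoted reply; using a constant-time compare on top of that removes the question entirely.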