- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
TRWTF is Unicode
Admin
My machine must be very old than, because it's two 64-bit cores can only change states 2.4 times in a nanosecond. Assuming 16-bit characters we could possibly process 4 characters per clock tick in one core. Since I have two cores I only get 2.4 * 2 * 4 = 19.2 characters processed in a nanosecond. With Hyperthreading and multiple pipelines the actual result might be better than that, but it will not "process two > 1,000-character passwords" in a nanosecond.
I envy you and your machine.
Admin
Wait, are you saying that I should...You dare turn my phrase around...You...Why...Oh snap.
Admin
for (int i = 0; i < psswd1.Length; i++) { if ((psswd1[i] != psswd2[i]) != Boolean.FileNotFound) return false; } return true;fixed.
Admin
Could be a false optimisation though, as in reality users do not compare objects against themselves and you are adding in one extra comparison to optimise the extremely rare case that they do.
It's similar to checking for self-assignment in C++ operator= overload. Actually preferable not to do so.
Admin
Admin
They actually do an object comparison in the library code for String.Equals() in the .Net framework (I looked it up). The reason for this is string interning.
Admin
pass1 = foo pass2 = foobar
Access allowed :)
Admin
checkPassword(actualPass, enteredPass): encrypt enteredPass with salt return enteredPass == actualPass
Assuming you grab the actual pass from the database and encrypt the entered pass correctly.
Admin
I mean *********
Admin
Oh no it isn't!
Admin
However, Brumley wasn't comparing passwords: he was timing cryptographic operations, operations that took time measured in (small numbers of) microseconds. See the discussion above about timing in realistic processors; a password comparison will take a couple nanoseconds.
Another link someone posted said they were able to distinguish timings as small as a few microseconds over the open Internet, and about 100 nanoseconds over a local network -- but even the latter number is still two orders of magnitude too long to distinguish the timing from password comparisons.
You will notice, however, that "bike" can refer to either a bicycle, or, occasionally, a motorcycle, depending on context.
I would submit that, if you restrict the discussion to passwords, you could say a hash almost certainly is "encrypting" the password, just in a way that is hard for anyone to reverse. There are so many more SHA1 hashes than there are, say, 14-character passwords (if you restrict yourself to printable characters, a 14-character password has ~92 bits of entropy, leaving the hash's target space 2^68 times bigger) that it's very likely that what a user has chosen has no collisions within that space. Which means... it's very likely that, when you know the source is a password, there is only a single remotely likely choice.
Of course, you may have to brute force to get to it, so there's no easy decryption algorithm. This may rule it out in your mind, but of course, since you haven't actually said what definition of "encryption" you favor, I can't know that.
Of course, one of the reasons to check for self-assignment in operator= is a correctness issue; a lot of the time the assignment operator is destructive to the object being assigned to. And if that's the same as the source object, well, you're hosed. And there, your program isn't just "doesn't perform quite as well as it could" if you don't check for self-assignment, you're program is buggy because you omitted this check.
(Of course, there are other ways around this, like swap with a temporary object and stuff, but operator= isn't always written that way.)
Admin
Ok, this is driving me a little nuts. Timing attacks are real and do work over the internet. This write-up is good and thorough, even if it discusses HMACs instead of passwords. (Though you can just think of an HMAC as a 20 character password).
It's also worth noting that the concept of "Local Network" is much wider than you might think. How many sites are hosted by shared hosting providers or by one of the major cloud providers? Guess what: every single other customer of theirs is on your local network.
So, if you completely trust every other customer of your hosting provider you're fine, right? Well, for now. Congratulations, you'll be fine until they manage to improve the attack, and attacks always improve. Let me repeat one of the cardinal rules of cryptography (which includes things like passwords).
If you are not an expert in cryptography, never write cryptographic code.
I swear, I'm going to shoot the next developer who submits their own encryption algorithm or RNG to me.
Admin
Oh, I see the problem now! He failed to convert both strings to XML and check for SQL injection before doing the compare!
Admin
"To avoid confusion, we may occasionally need to use apostrophes to indicate the plural forms of certain letters and expressions that are not commonly found in the plural:
"
http://grammar.about.com/od/punctuationandmechanics/tp/GuideApostrophe.htm
Admin
so...
pass1 = "mypasswd" pass2 = "mypasswdwithalotmore..."
will be return true in this method, brilliant
Admin
He's also discussing it in the context of Java & Python, which I didn't think of before. I could easily see that as making the difference between a measurable and immeasurable difference.
Some timing information I got locally says that the difference in time of stopping the comparison early in an optimized C++ program is about 10 nsec. An order of magnitude more than I expected, but still an order of magnitude less than what people (incl. your site) say is measurable in the local network.
Even unoptimized C++ std::string comparisons with (bounds-checked) .at() instead of (unchecked) [] is barely above the 100 ns threshold.
And a truly optimized implementation (that does word-sized comparisons) may be able to bring the difference even lower.
Admin
Nope, you have written a program that exposes you to a timing attack.
Admin
Okay, it's all for maintainance... Who knows? Maybe comparison semantics of The Very Special Strings will change some day, so we created separate function for this...
Admin
I think we need someone to actually implement a forum system with the **** feature, just for all the confusion it would cause. All you'd have to do is check every word of each new post against the user's pass hash.
Admin
How long is it since all C++ programmers were meant to learn that the check-for-self-assign pattern doesn't work in the face of exceptions, and therefore that, since as an optimisation it is almost always a bad trade-off, its use is almost always indicative of a design error? A decade?
Admin
Addendum (2010-09-16 23:30): And the extra work of making code exception-safe is always worth the development time.
Admin
hehe,Sombody has been surfing bash i see :-)
Admin
I think he's rather refering to the wrong use of the word 'encryption' in the text. Since you can never encrypt something by hashing it. A hash is non-revertable and therefor not a form of encryption.
Admin
You are right! It works! If I type my password "***********" and then backwards: "regnevalana" you should only be able to see the last version.
Admin
Admin
except that strings are passed and compared by reference in CLR.
I'm hoping you're trolling or have never used .net
Admin
They might actually have a point. If the only way for a user (or attacker) to login is through the web application, they can easily prevent brute force attacks by locking an account for 24 hours after three failed login attempts. This way, even with 6 letter, all lower case, alphabetic passwords it would take thousands of years to brute force it. It sure beats forcing users to write down passwords because they can't possibly memorize dozens of long strings of random non alphanumeric gibberish that they are supposed to change periodically.
Admin
They might actually have a point. If the only way for a user (or attacker) to login is through the web application, they can easily prevent brute force attacks by locking an account for 24 hours after three failed login attempts. This way, even with 6 letter, all lower case, alphabetic passwords it would take thousands of years to brute force it. It sure beats forcing users to write down passwords because they can't possibly memorize dozens of long strings of random non alphanumeric gibberish that they are supposed to change periodically.
Admin
Can't tell if you're joking or not :-/
Admin
You get an exception (out of range) if the size of the passwds is different.
Replacing problems with other problems ist not fixing.
Admin
Do the different versions handle this differently? I haven't checked, I'm just making the point.
Admin
He get it wrong our manager discovered that passwords are sent in plaintext! Code at our company is
public class PasswordChecker{ public static int _getary(bool[] ary,int index){ try { return ary[index]; } catch (IndexOutOfRangeException) { return 0; } } public static bool Paswordscheck(Password passwordFirst,Password passwordSecond){ long long pwFirst=0; long long pwSecond=0; byte psswordFirst[]; byte psswordSecond[]; int i; Iterator pwdFirst; Iterator pwdSecond; psswordFirst=IPassword(passwordFirst).getpassword(); psswordSecond=IPassword(passwordSecond).getpassword(); pwdFirst=psswordFirst.iterator(); pwdSecond=psswordSecond.iterator(); while (pwdFirst.hasNext()){//secure first password psswordFirst[i]=''; i=i+1; } i=0; while (pwdSecond.hasNext()){//secure second password pssword2[i]=''; i=i+1; } int sizeofbyte=1; for (i=0;i<1getbitsperbyte();i++) sizeofbyte=2sizeofbyte; for (i=0;i<1getbitsperbyte();i++) pwFirst=pwSecondsizeofbyte+_getary(pssword1[i]); for (i=0;i<1getbitsperbyte();i++) pwFirst=pwSecondsizeofbyte+_getary(pssword2[i]); return pwFirst==pwSecond;//comparsion by 8bytes simutaneusly is very fast };
Admin
That's actually not OK if you put it in an online system: it is susceptible to a side channel (timing) attack.
Most .equals method return false when they see that 2 characters don't match. If the first character does not match the function will return immediately. If the measuring can be precise enough you can just test character by character.
It's better to create two strings of the same length, padded with a character that you may not use. Then compare and only return after all characters have been compared.
Admin
This is not a wtf The strings are probably already hashed containing characters above 128
Admin
No - Darren is entirely correct. The User ID is what it says on the tin, the mechanism by which a user is Identified, to the system itself and often others. The password is the "secret bit" between the user and the system that tells the system that the actor claiming to be that user, actually is. If the user ID was private, then you'd actually need to invent an ID for the user that wasn't private as your original ID would effectively be a second password. No harm in that I suppose - but it would not be a user Id if it was considered private - it's an ID, by definition the mechanism by which you are identified to others
Admin
pharmacie en ligne avec ordonnance https://kamagraenligne.com/# acheter mГ©dicament en ligne sans ordonnance