Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crypto library should have a constant-time equality function #3043

Closed
bbqsrc opened this issue Sep 24, 2015 · 4 comments
Closed

Crypto library should have a constant-time equality function #3043

bbqsrc opened this issue Sep 24, 2015 · 4 comments
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js.

Comments

@bbqsrc
Copy link

bbqsrc commented Sep 24, 2015

Issue #8560 was archived, but seems no issue was opened for it here.

I note that there is still no constant-time equality method in the converged node.
@brendanashworth brendanashworth added crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js. labels Sep 24, 2015
@ChALkeR
Copy link
Member

ChALkeR commented Sep 26, 2015

This doesn't look like a feature request. If a timing attack could be reproduced in any setup based on this, then it's a security issue. If it can't, then it's speculative.

Ah, sorry all. It's indeed a feature request, because there is no such function at all in the crypto module. And definetely not a security issue.

I misread, sorry again.

@ChALkeR ChALkeR added feature request Issues that request new features to be added to Node.js. and removed feature request Issues that request new features to be added to Node.js. labels Sep 26, 2015
@ChALkeR ChALkeR mentioned this issue Sep 26, 2015
Closed
@jsha jsha mentioned this issue Sep 26, 2015
Closed
@mbland mbland mentioned this issue Oct 4, 2015
Merged
@norcalli
Copy link

The only time a constant-time equality comparison is a useful thing to do is as a countermeasure to a timing attack, therefore I think it is definitely a security issue and I'm a bit surprised it isn't in the crypto module.

@ChALkeR
Copy link
Member

ChALkeR commented Feb 8, 2016

#5139 and #3073 are the PRs for this.

@ChALkeR ChALkeR mentioned this issue Feb 8, 2016
Closed
@r3wt r3wt mentioned this issue May 7, 2016
Closed
@ChALkeR
Copy link
Member

ChALkeR commented Sep 12, 2016
edited

#8040 landed (see also #8304).

@ChALkeR ChALkeR closed this as completed Sep 12, 2016
@ChALkeR ChALkeR mentioned this issue Sep 12, 2016
Closed
4 tasks
@bnoordhuis bnoordhuis mentioned this issue Nov 21, 2017
Closed
This was referenced Sep 17, 2021
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bbqsrc @ChALkeR @norcalli @brendanashworth