Use secure_compare for hmac comparison

 * Closes CVE-2013-0263
1 parent 9a81b96 commit 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 @raggi raggi committed
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/rack/session/cookie.rb
@@ -159,7 +159,7 @@ def destroy_session(env, session_id, options)
def digest_match?(data, digest)
return unless data && digest
@secrets.any? do |secret|
- digest == generate_hmac(data, secret)
tarcieri added a note

Heh, funny, I looked for this vulnerability in Rails recently and saw they were using a (wonky) constant-time comparison function. Didn't think to look in Rack. Crypto is hard :(

More support for RbNaCl :+1:

tarcieri added a note

Constant time comparison function? Yeah, RbNaCl's got one of those (and full HMAC as implemented by Dan Bernstein):

@raggi Owner
raggi added a note

Saddest thing about this is, @codahale reported this 3 years ago, and I even responded then, but I was too dumb to get it, and not running releases (probably good). Anyway, I was wrong then, and we were wrong not to deal with it.

tarcieri added a note

@raggi again, crypto is hard ;(

@raggi Owner
raggi added a note

@tarcieri the thing that really gets me, though, is that these days I'm very clearly aware of how critical timing attacks are. I had some generally knowledgeable folks telling me it's not really viable over the last couple of days. Well, when you're inside the Cloud, you're basically on a LAN. This is totally viable inside [insert cloud service here].

tarcieri added a note

Know a timing attack:

[screenshot: Screen Shot 2013-02-07 at 10 06 03 PM]

+ Rack::Utils.secure_compare(digest, generate_hmac(data, secret))
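Review bot: the change set is a single-line swap with no accompanying test (1 addition, 1 deletion in lib/rack/session/cookie.rb); add a spec asserting that `digest_match?` accepts a digest generated under each entry of `@secrets` and rejects a tampered one, and put a short comment on the `Rack::Utils.secure_compare(digest, generate_hmac(data, secret))` line explaining that `==` short-circuits on the first differing byte, because the replaced `digest == generate_hmac(data, secret)` reads as the obvious form and is easy to reintroduce during a refactor.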

0 comments on commit 0cd7e9a
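The two versions of `digest_match?` from this hunk side by side, as an added Ruby example that is not Rack's code: `secure_compare` below is a stand-in written for the example rather than Rack::Utils' implementation, and `generate_hmac`, the secrets list and the session payload are constructed for illustration.

```ruby
require 'openssl'

# Constructed stand-in for Rack's @secrets (current secret plus a rotated one).
SECRETS = ['old-rotated-secret', 'current-secret'].freeze

# Constructed stand-in for Rack::Session::Cookie#generate_hmac.
def generate_hmac(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, data)
end

# Before the commit: String#== returns as soon as a byte differs, so the
# time taken grows with the number of leading bytes the caller got right.
def digest_match_vulnerable?(data, digest)
  return unless data && digest
  SECRETS.any? { |secret| digest == generate_hmac(data, secret) }
end

# Example stand-in for Rack::Utils.secure_compare: XOR every byte pair and
# OR the results, so every byte is inspected wherever the first mismatch is.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# After the commit.
def digest_match_secure?(data, digest)
  return unless data && digest
  SECRETS.any? { |secret| secure_compare(digest, generate_hmac(data, secret)) }
end

# Number of byte positions a comparison strategy inspects before it can
# answer; this is what a timing measurement of the comparison approximates.
def bytes_inspected(a, b, constant_time:)
  return a.bytesize if constant_time
  a.bytes.zip(b.bytes).each_with_index do |(x, y), i|
    return i + 1 if x != y
  end
  a.bytesize
end

if $PROGRAM_NAME == __FILE__
  data = 'BAh7BjoIZm9vIghiYXI=' # constructed session payload
  good = generate_hmac(data, 'current-secret')
  forged = good[0, 10] + ('z' * (good.length - 10)) # first 10 bytes right
  puts digest_match_secure?(data, good)                    # true
  puts digest_match_secure?(data, forged)                  # false
  puts bytes_inspected(forged, good, constant_time: false) # 11: stops early
  puts bytes_inspected(forged, good, constant_time: true)  # 40: whole digest
end
```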
