Replace base64 with base64ct #195
Comments
|
Doesn't I am probably missing something important though as it probably exists for a reason. |
No. Timing attacks over the network (or any medium) are just as readily achieved. |
|
oh, had no idea that was practical, would have thought the differences around it (NIC buffering, routers, switches etc), It seems these techniques are more advanced than i thought. |
|
Exploiting sidechannels as a network-based attacker is possible. It usually involves a fairly noisy attack which is repeated over and over many times (e.g. millions of times) combined with statistical methods to observe timing variabilities. Such attacks have been used in the past for full plaintext recovery against protocols like TLS e.g. Lucky13 (great paper if you want to see how such attacks work). However, the most practical attack against a Base64 decoder/encoder is probably going to be a local microarchitectural sidechannel. Such sidechannels have been used in a research setting to recover Base64-encoded cryptographic keys and could still be possible against e.g. a local webserver (possibly on a cotenant container or VM): https://arxiv.org/pdf/2108.04600.pdf |
|
Closing with my commentary at #196 (comment). |
The
base64ctcrate is specifically designed to provide constant-time decoding and encoding of Base64 strings for cryptographic and security-sensitive applications. Since in this cratebase64is used for handling sensitive data, it's probably worth to replace it withbase64ct.Unfortunately, using
base64ctwould mean MSRV bump to at least 1.51 (for pre-1.3 versions) or to 1.56 for the latest released version.cc @tarcieri
The text was updated successfully, but these errors were encountered: