
When I use Apache Httpd's basic auth functionality, sometimes I notice that wrong passwords seem to take longer than right passwords to check.

Does Apache Httpd have an option for constant time password comparisons?

masegaloeh
MrSynAckSter

1 Answer


There could be an artificial delay for failed passwords, but testing here doesn't reveal a timing difference between right and wrong passwords (their timings are mixed together).

However, I should note that even if there was such a difference, it is irrelevant. The important point is that two wrong passwords don't have a timing difference based on their distance to the right password.

Given that apache is using hashed passwords, there's no way a bad implementation could reveal that. In the worst case, an attacker who also knew the salt (in which case he would also have obtained the password hash at the same time) could discover the hashed password… if he was able to compute (partial) preimages (i.e. break the hash function).

As apache isn't using password hashing functions where that's feasible, it's impossible to exploit that timing difference, even if Apache isn't comparing the hashes in constant time (which it may be doing).

Ángel
  • If the passwords are being compared incorrectly, even if they are hashed, it might still be possible to exploit a non-constant-time comparison. Where did you get the timing data for your answer? If there are public tests, I'd love to see them. – MrSynAckSter Mar 12 '15 at 23:05
  • @baordog: How could you exploit a non-constant time comparison if the hash function used is indeed a one-way function? / I just ran wget a few times to a protected directory with right/wrong credentials. – Ángel Mar 12 '15 at 23:17
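As an added illustration of the answer above (this is not code from the question, the answer, or Apache itself), a minimal verifier for Apache's unsalted `{SHA}` htpasswd format that hashes the candidate first and compares digests in constant time, next to a function that models what a naive early-exit comparison of the digests could leak. The username, password and htpasswd line are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample htpasswd line (not from the original page): Apache's
# {SHA} format stores base64(sha1(password)) with no salt. This is the
# well-known {SHA} entry for the password "password".
HTPASSWD_LINE = "bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="


def make_sha_entry(user: str, password: str) -> str:
    """Build an htpasswd line in the unsalted {SHA} format."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


def verify_sha_entry(line: str, user: str, password: str) -> bool:
    """Check a Basic-auth user/password pair against one {SHA} htpasswd line.

    The candidate is hashed first and the two 20-byte digests are compared
    with hmac.compare_digest, so the comparison takes the same time whether
    the first or the last digest byte differs.
    """
    entry_user, _, stored = line.strip().partition(":")
    if entry_user != user or not stored.startswith("{SHA}"):
        return False
    stored_digest = base64.b64decode(stored[len("{SHA}"):])
    candidate = hashlib.sha1(password.encode("utf-8")).digest()
    return hmac.compare_digest(stored_digest, candidate)


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Leading bytes two digests share: the most an early-exit, byte-by-byte
    comparison could reveal through its timing."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def leaked_prefix_for_guess(line: str, guess: str) -> int:
    """Model the early-exit leak for one guess: how many leading bytes of
    sha1(guess) equal the stored digest. For a wrong guess this depends only
    on the hash output, not on how close the guess is to the real password,
    which is the answer's point: the leak gives nothing to steer by."""
    stored = base64.b64decode(line.split(":{SHA}", 1)[1])
    return common_prefix_len(stored, hashlib.sha1(guess.encode()).digest())
```

Running `leaked_prefix_for_guess` over a set of near-miss guesses shows only the exact password reaching the full 20 bytes; every wrong guess gets a small value unrelated to how many characters it shares with the real password.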