Use constant-time string comparison about onionshare HOT 6 CLOSED

I'm reopening this issue because of pull request #4 (@andrew-d wrote a quick and simple alternative to my commit, but he's also not using an established library) and the comments in a12dd0c.

@kofalt @svisser, any suggestions on what library to use? Is there one that's included with python, so we won't have to include more dependencies?

Also, while important, I think this is a defense-in-depth problem. I'm skeptical if timing attacks can even work when hopping across 7 Tor nodes. The person running onionshare gets to see logs scroll by of every request made. And the attacker would have to somehow learn the specific, short-lived .onion address to attack in the first place.

from onionshare.

There's the built-in hmac.compare_digest, but that was only added in Python 3.3. It might be possible to do a fallback of sorts:

import hmac

if hasattr(hmac, 'compare_digest'):
    is_equal = hmac.compare_digest
else:
    # Etc.

I'm not familiar with other, external libraries.

EDIT: Also, it appears that this only supports ASCII characters, throwing a TypeError on Unicode strings. You'd have to encode the strings first.

from onionshare.

I just implemented #2 which actually completely gets rid of basic auth and the username and password, which basically means there is no string comparison of secret data going on in onionshare.py anymore.

But the real question is: is there still the same timing attack to guess the URL, but this time the problem is nestled somewhere in flask's routing code?

from onionshare.

But the real question is: is there still the same timing attack to guess the URL, but this time the problem is nestled somewhere in flask's routing code?

Good point. I did not dig into the code enough to definitively determine this, but it is likely those comparisons are not constant time.

I do not agree that we should just assume that timing attacks are "impossible over Tor" (famous last words). I do, however, think, that this is a good opportunity to create a threat model document, which we can use to evaluate this kind of trade-off.

from onionshare.

The route decorator uses add_url_rule internally, so we can subclass and change that method, perhaps substituting a constant time string comparison algo such as hmac.compare_digest.

from onionshare.

@garrettr, nice I like it.

from onionshare.