In Node.js web development I saw it as a mon practice to use bcrypt for hashing and parison of password. Is bcryptpare vulnerable to timing attack?
In Node.js web development I saw it as a mon practice to use bcrypt for hashing and parison of password. Is bcrypt.pare vulnerable to timing attack?
1 Answer
Reset to default 8Original post:
It depends on the implementation of the bcrypt module you're using. bcrypt itself is just a key derivation function and does not indicate how parison should be done. In theory, a bcrypt.pare function that pared hashes with a naive string === parison could leak information about the hash.
However, assuming you're referring to the most widely used bcrypt module for Node.js, the bcrypt.pare function is implemented using a timing safe CompareStrings function. This function always pares all characters in the hash before breaking, which prevents it from revealing where/when the parison failed.
Important update:
The bcrypt.pare function liked above is no longer timing safe, however this has been discussed in various places (for example here and here) and the consensus seems to be that this doesn't matter because bcrypt itself is not vulnerable to timing attacks:
One of the desired properties of a cryptographic hash function is preimage attack resistance, which means there is no shortcut for generating a message which, when hashed, produces a specific digest.