Skip to content

Consider using constant-time comparison #3

New issue
New issue
Closed
Closed
Consider using constant-time comparison#3
@udf2457

Description

@udf2457
udf2457
opened on Jul 6, 2025

Regarding these lines in your code:

altcha-lib-go/altcha.go

Line 297 in 714332f

return expectedChallenge.Challenge == parsedPayload.Challenge && expectedChallenge.Signature == parsedPayload.Signature, nil

-and-

altcha-lib-go/altcha.go

Line 327 in 714332f

return computedHash == fieldsHash, nil

-and-

altcha-lib-go/altcha.go

Line 423 in 714332f

if hash == challenge {

You should probably consider doing a constant-time comparison to avoid the risk of side-channel timing attacks, e.g. maybe something similar to:

import (
"crypto/subtle"  // new import required for access to subtle.ConstantTimeCompare()
)

// New Function
// Constant-time comparison for strings
func secureCompare(a, b string) bool {
  // Pre-hashing required because ConstantTimeCompare expects same length, otherwise you'll end up with a length leaking attack
  // As per the docs "If the lengths of x and y do not match it returns 0 immediately. "
  aHash := sha256.Sum256([]byte(a))
  bHash := sha256.Sum256([]byte(b))
  return subtle.ConstantTimeCompare(aHash[:], bHash[:]) == 1
}

// Then, e.g. altcha-lib-go/altcha.go#L297
return secureCompare(expectedChallenge.Challenge,parsedPayload.Challenge) && secureCompare(expectedChallenge.Signature,parsedPayload.Signature), nil

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions