Duet3D Logo Duet3D
    • Tags
    • Documentation
    • Order
    • Register
    • Login

    Constant-Time password compare

    Scheduled Pinned Locked Moved
    Firmware developers
    2
    4
    647
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • resamundefined
      resam
      last edited by

      Hi,

      I'm not sure what the general security guidelines for the DuetWifi & RepRapFirmware are, but I noticed that the HTTP/FTP/Telnet password comparison seems to leak timing information. Now, assuming the password should be a safe security protection against unwanted logins & interaction, I would recommend implementing a constant-time password strcmp function, see https://cryptocoding.net/index.php/Coding_rules#Compare_secret_strings_in_constant_time.

      The current implementation uses a loop with early exit, see https://github.com/dc42/RepRapFirmware/blob/dev/src/RepRap.cpp#L1656 and https://github.com/dc42/RepRapFirmware/blob/e2f506e855785d0f0d9786f1285deebf1d51bad8/src/RepRapFirmware.cpp#L217-L230.

      @DC42
      I'm interested to hear your thoughts on this, maybe I'm completely wrong and this doesn't apply here - or attackers can circumvent password-based authentication by other means. However, I feel like we should at least do our best and make authentication and security it as strong as possible given the nature of this project.

      One last question, coming back to the general security guidelines: Would you feel comfortable putting a DuetWifi on the public Internet with ONLY the password protection (M551) and TLS to hide it, or would you generally recommend against it?

      1 Reply Last reply Reply Quote 1
      • dc42undefined
        dc42 administrators
        last edited by

        The Duet WiFi does not support TLS yet (it may never do, because of limited CPU power) so the only way I would put one on the public internet is via a VPN. For the next generation Duet we are looking at much stronger security.

        I take your point about using a constant-time string compare, however the variation in the time depending on how much of the password matches is likely to be no more than 1us, which is probably not significant compared with the jitter in the scheduling time from the password arriving to when it gets compared, and also the jitter in the network transport time.

        Duet WiFi hardware designer and firmware engineer
        Please do not ask me for Duet support via PM or email, use the forum
        http://www.escher3d.com, https://miscsolutions.wordpress.com

        1 Reply Last reply Reply Quote 0
        • resamundefined
          resam
          last edited by

          Yes, I'm currently terminating TLS on a regular server and then reverse-proxying the traffic to the DuetWifi.
          IMHO the lack of TLS on the Duets itself is fine - I would not want to put such complicated/complex tasks as ASN.1 parsing on my printer anyway 😄

          Just to give a frame of reference, 100ns on the local network, and as low as 15us on the public internet are enough to leak information, according to https://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf.

          1 Reply Last reply Reply Quote 1
          • dc42undefined
            dc42 administrators
            last edited by

            Constant time password comparison is now implemented and will be released in 1.21RC2.

            Duet WiFi hardware designer and firmware engineer
            Please do not ask me for Duet support via PM or email, use the forum
            http://www.escher3d.com, https://miscsolutions.wordpress.com

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Unless otherwise noted, all forum content is licensed under CC-BY-SA