veb.auth: use constant time comparision in compare_password_with_hash (…

…vlang#21693)
yuyi98 · Jun 18, 2024 · 72a3fd6 · 72a3fd6
1 parent 0498ed1
commit 72a3fd6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/vlib/veb/auth/README.md b/vlib/veb/auth/README.md
@@ -89,3 +89,13 @@ pub fn (mut app App) find_user_by_name(name string) ?User {
 	return User{}
 }
 ```
+
+## Security considerations
+
+`hash_password_with_salt` and its related functions use `sha256` for hashing with a single
+iteration. This is not secure for production use, and you should use a more secure hashing
+algorithm and multiple iterations.
+
+See also:
+- [OWASP Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
+
diff --git a/vlib/veb/auth/auth.v b/vlib/veb/auth/auth.v
@@ -5,6 +5,7 @@ module auth
 
 import rand
 import crypto.rand as crypto_rand
+import crypto.hmac
 import crypto.sha256
 
 const max_safe_unsigned_integer = u32(4_294_967_295)
@@ -84,5 +85,9 @@ pub fn hash_password_with_salt(plain_text_password string, salt string) string {
 }
 
 pub fn compare_password_with_hash(plain_text_password string, salt string, hashed string) bool {
-	return hash_password_with_salt(plain_text_password, salt) == hashed
+	digest := hash_password_with_salt(plain_text_password, salt)
+	// constant time comparison
+	// I know this is operating on the hex-encoded strings, but it's still constant time
+	// and better than not doing it at all
+	return hmac.equal(digest.bytes(), hashed.bytes())
 }