veb.auth: use constant time comparision in compare_password_with_hash (#21693)

2025-09-17 03:17:25 -04:00 · 2024-06-18 22:21:20 +02:00 · 2024-06-18 22:21:20 +02:00 · 72a3fd6f02
commit 72a3fd6f02
parent 0498ed1032
2 changed files with 16 additions and 1 deletions
--- a/vlib/veb/auth/README.md
+++ b/vlib/veb/auth/README.md
@ -89,3 +89,13 @@ pub fn (mut app App) find_user_by_name(name string) ?User {
 	return User{}
 }
 ```
+
+## Security considerations
+
+`hash_password_with_salt` and its related functions use `sha256` for hashing with a single
+iteration. This is not secure for production use, and you should use a more secure hashing
+algorithm and multiple iterations.
+
+See also:
+- [OWASP Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
+
--- a/vlib/veb/auth/auth.v
+++ b/vlib/veb/auth/auth.v
@ -5,6 +5,7 @@ module auth

 import rand
 import crypto.rand as crypto_rand
+import crypto.hmac
 import crypto.sha256

 const max_safe_unsigned_integer = u32(4_294_967_295)
@ -84,5 +85,9 @@ pub fn hash_password_with_salt(plain_text_password string, salt string) string {
 }

 pub fn compare_password_with_hash(plain_text_password string, salt string, hashed string) bool {
-	return hash_password_with_salt(plain_text_password, salt) == hashed
+	digest := hash_password_with_salt(plain_text_password, salt)
+	// constant time comparison
+	// I know this is operating on the hex-encoded strings, but it's still constant time
+	// and better than not doing it at all
+	return hmac.equal(digest.bytes(), hashed.bytes())
 }