Question
My question is related to PBKDF2. I am unsure how to validate user entered password with already existing hashes and salts.
I have heard of the so-called "length-constant" comparison, which basically ensures that every byte is being compared rather than a simple string comparison. And this is the part I am confused about. When deriving a key using, for example, "Hello" as password and "Hello2" as salt, the output of PBKDF2 will always be the same. So why is there a slow equals (length-constant) comparison method?
What is the correct way of validating passwords in PBKDF2?
Explanation / Answer
If the resulting hashes were the same, a non length-constant check would compare every byte of the resultant digest. This would take the most time to compare.
Let's say it takes 90.00ms to run the KDF, and 0.90ms to do a full length compare (not real numbers but good enough for the example).
If the password was "hello" instead of "Hello", it is probable that the digest will have a different first or 2nd byte, which means a comparison would determine they are different much faster than if they were the same. Instead of 90.90ms, it may take 90.10ms.
If the attacker is capable of measuring the CPU usage or CPU power draw, they may be able to measure the quantity of keystrokes, giving the attacker the length of the correct password. They may also be able to compare the time it takes between key presses to better determine what combination of key presses was entered. The attacker may be able to get much more information than that, maybe less, but every bit of information the attacker gets will help them attack the KDF and recover the password. Knowing that a specific combination is correct is a huge amount of information.
This is why constant time comparisons are so important, because it is extremely easy to put in bogus passwords and get a timeframe of how long it takes to compare incorrect results, so when the correct result is compared it will take longer, and be detected by whatever mechanism (software or hardware) is measuring them.
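The validation flow the question asks about, as an added example that is not part of the original answer: re-derive the key from the submitted password and the stored salt, then compare it with the stored key using `hmac.compare_digest`. The iteration count, key length and helper names are assumptions for the example; the two step-counting functions only make visible how much work each comparison style does before it returns.

```python
import hashlib
import hmac

ITERATIONS = 100_000   # assumed work factor for this example
DKLEN = 32             # derived key length in bytes

def derive(password: str, salt: bytes) -> bytes:
    """Run PBKDF2-HMAC-SHA256; same password and salt always give the same key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=DKLEN)

def early_exit_steps(a: bytes, b: bytes) -> int:
    """Count byte comparisons made by a compare that stops at the first mismatch."""
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps

def full_scan_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Logic of a constant-time compare: touch every byte, decide only at the end.
    Shown for illustration; production code should call hmac.compare_digest."""
    if len(a) != len(b):
        return False, 0
    diff, steps = 0, 0
    for x, y in zip(a, b):
        diff |= x ^ y      # accumulate differences without branching on them
        steps += 1
    return diff == 0, steps

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive the key from the submitted password and compare in constant time."""
    return hmac.compare_digest(derive(password, salt), stored)

# Constructed sample record, using the password and salt from the question.
SALT = b"Hello2"
STORED = derive("Hello", SALT)

if __name__ == "__main__":
    wrong = derive("hello", SALT)
    print("verify('Hello'):", verify("Hello", SALT, STORED))
    print("verify('hello'):", verify("hello", SALT, STORED))
    print("early-exit steps, match:", early_exit_steps(STORED, STORED))
    print("early-exit steps, wrong:", early_exit_steps(STORED, wrong))
    print("full-scan steps, wrong:", full_scan_compare(STORED, wrong)[1])
```
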