Skip to content

ehrmann/const-time

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Constant-time Java Comparators

CircleCI

Motivation

Timing attacks against things like HMAC are well documented, but it's also possible to attack caches backed by Java HashMaps. Internally, hash tables use a hash code to look up entries, then do an equality comparison to handle collisions. Because Java hashCode() implementations are rarely cryptographically secure, a timing attack can be used to enumerate keys in a HashMap.

First, an attacker probes with string keys with known hash codes to identify hash codes with collisions (lookups with collisions will be slower). Once hash codes have been identified, collisions can be generated for Strings with a chosen prefix. Because String.equals() is not constant time, it can be "picked" the same way as an HMAC.

Usage

Map<String, V> cache = new TreeMap<>(ConstTimeStringComparator.INSTANCE);

Or for byte arrays,

Map<String, V> cache = new TreeMap<>(ConstTimeByteArrayComparator.INSTANCE);

If you're especially paranoid (attacks depend on knowing the hash code algorithm for keys) and use composite keys,

Map<Pojo, V> cache = new TreeMap<>(new ConstTimeComparatorBuilder<Pojo>()
    .comparingInt(Pojo::getField1)
    .comparingString(Pojo::getField2)
    .build());

About

Constant time Java comparators

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages