You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
A cursory review of the PFLockScreen-Android revealed that the PIN check was vulnerable to timing attack due to not being time constant.
To Reproduce
Steps to reproduce the behavior:
See checkPin() function here:
The clear-text PIN will be checked against the decrypted PIN using String.equals(), which is vulnerable to timing attack. The equals function stops comparing the strings as soon as one-character mismatches.
Expected behavior
Remediation: First, PFLockScreen-Android should use hashing instead of encrypting the PIN of the user. For instance, the library could be using bcrypt or argon2id to create a strong hash of the PIN combined with a random unique salt. A timing attack will not reveal any information when comparing two hashes.
Additionally, the checkPin function could implement a time-constant comparison check using a XOR sum. Below is the implementation from OpenJDK:
// OpenJDK: https://github.com/openjdk-mirror/jdk7u-jdk/blob/master/s⌋ → rc/share/classes/java/security/MessageDigest.java#L430
public static boolean isEqual(byte[] digesta, byte[] digestb) { if (digesta.length != digestb.length) {
return false;
int result = 0;
// time-constant comparison
for (int i = 0; i < digesta.length; i++) {
result |= digesta[i] ^ digestb[i];
}
return result == 0; }
The text was updated successfully, but these errors were encountered:
Describe the bug
A cursory review of the PFLockScreen-Android revealed that the PIN check was vulnerable to timing attack due to not being time constant.
To Reproduce
Steps to reproduce the behavior:
See checkPin() function here:
PFLockScreen-Android/pflockscreen/src/main/java/com/beautycoder/pflockscreen/security/PFFingerprintPinCodeHelper.java
Line 63 in ff5b7cd
The clear-text PIN will be checked against the decrypted PIN using String.equals(), which is vulnerable to timing attack. The equals function stops comparing the strings as soon as one-character mismatches.
Expected behavior
Remediation: First, PFLockScreen-Android should use hashing instead of encrypting the PIN of the user. For instance, the library could be using bcrypt or argon2id to create a strong hash of the PIN combined with a random unique salt. A timing attack will not reveal any information when comparing two hashes.
Additionally, the checkPin function could implement a time-constant comparison check using a XOR sum. Below is the implementation from OpenJDK:
// OpenJDK: https://github.com/openjdk-mirror/jdk7u-jdk/blob/master/s⌋ → rc/share/classes/java/security/MessageDigest.java#L430
public static boolean isEqual(byte[] digesta, byte[] digestb) { if (digesta.length != digestb.length) {
return false;
int result = 0;
// time-constant comparison
for (int i = 0; i < digesta.length; i++) {
result |= digesta[i] ^ digestb[i];
}
return result == 0; }
The text was updated successfully, but these errors were encountered: