Sidechannel timing attack vulnerability

[jakubmanczak]

The auth_via_credentials function only performs the expensive-in-terms-of-time hash if a password hash is found for a given user. This means that response times of any endpoint that requires authentication will be significantly and observably (!!) shorter for users with invalid handles, giving potential attackers unauthorized information - if a response is longer than usual, then this user is a valid target.

pub async fn auth_via_credentials(
        login: &str,
        password: &str,
        pool: &Pool<Postgres>,
    ) -> Result<User, OmniError> {
        let hash = match sqlx::query!(
            "SELECT password_hash FROM users WHERE handle = $1",
            login
        )
        .fetch_one(pool)
        .await
        {
            Ok(hash) => hash.password_hash,
            Err(e) => match e {
                sqlx::Error::RowNotFound => return Err(AuthError::InvalidCredentials)?,
                _ => return Err(OmniError::SqlxError(e))?,
            },
        };
        let argon = Argon2::default();
        let hash = match PasswordHash::new(&hash) {
            Ok(hash) => hash,
            Err(e) => return Err(e)?,
        };

        match argon.verify_password(password.as_bytes(), &hash).is_ok() {
            true => User::get_by_handle(login, pool).await,
            false => Err(AuthError::InvalidCredentials)?,
        }
    }

[Mateusz-Dobrzynski]

Performing the hash at all times would even the response times out for both valid and invalid handles, wouldn't it? Is this what you propose?

[jakubmanczak]

yea