Unnecessary double timing attack protection in encryption service?

[Krisell]

• Laravel Version: 7.22.4
• PHP Version: 7.4
• Database Driver & Version: N/A

Description:

I looked around in Illuminate\Encryption\Encrypter and noticed that the MAC-validation uses two separate techniques to protect against timing attacks.

1. It uses hash_equals, which is a timing safe string comparison function that was added in php 5.6.0.
2. It uses a randomized double HMAC technique.

The following article explains these two, and also notices that (1) should be used if it is available.
https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy

So, my thought is that the double HMAC could be skipped, improving performance and readability (which is very important in cryptographic implementations). This would make the validMac-function look like this, and removing the need for calculateMac:

protected function validMac(array $payload)
{
    return hash_equals(
        $this->hash($payload['iv'], $payload['value']),
        $payload['mac']
    );
}

Input from a cryptographic expert would be much appreciated here. Perhaps I have misunderstood the real reason for the randomized double HMAC.

Making these changes is non-breaking, since it only changes the validation-side. I'm prepared to make a PR if this is a wanted change.

What is a timing attack?

For readers unfamiliar with the term, a timing attack is a so-called side-channel attack where a cryptographic operation is leaking information about the contents through a "side-channel" such as time, heat, sound or similar. In this case, a normal === check between two strings would be faster when the strings differ more and slower when they differ only in the last byte, which enables for a cryptographic attack. hash_equals always takes the same amount of time regardless of the relation between the input strings.

[Krisell]

Merged in 2aa0563, can be marked as answered.