Make RPC password resistant to timing attacks #2886

pull gavinandresen wants to merge 1 commits into bitcoin:master from gavinandresen:rpctiming changing 3 files +27 −1
  1. gavinandresen commented at 11:06 AM on August 8, 2013: contributor

    Fixes issue#2838; this is a tweaked version of pull#2845 that should not leak the length of the password and is more generic, in case we run into other situations where we need timing-attack-resistant comparisons.

  2. Make RPC password resistant to timing attacks
    Fixes issue#2838; this is a tweaked version of pull#2845 that
should not leak the length of the password and is more generic,
in case we run into other situations where we need
timing-attack-resistant comparisons.
    42656ea2e5
  3. BitcoinPullTester commented at 11:48 AM on August 8, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/42656ea2e552b027e174fdceab7348ffcb8245c4 for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  4. laanwj commented at 8:01 AM on August 10, 2013: member

    ACK

  5. sipa commented at 9:48 PM on August 15, 2013: member

    ACK

  6. gmaxwell commented at 9:54 PM on August 15, 2013: contributor

    ACK. This does leak some timing data if bsize==0 or not, but I think this is inconsequential, I'm only mentioning it in case others didn't realize it and might care.

  7. sipa cross-referenced this on Aug 15, 2013 from issue Mitigate Timing Attacks On Basic RPC Authorization by grayleonard
  8. gavinandresen referenced this in commit a0bb001431 on Aug 16, 2013
  9. gavinandresen merged this on Aug 16, 2013
  10. gavinandresen closed this on Aug 16, 2013
  11. gavinandresen deleted the branch on Nov 4, 2013
  12. laanwj cross-referenced this on Nov 12, 2013 from issue Timing leak in RPC authentication by pakt
  13. 0xDEADFACE referenced this in commit 6511bd83b4 on Jan 26, 2014
  14. Tranz5 referenced this in commit d61aefe703 on May 23, 2014
  15. bee7 referenced this in commit 95312f7f86 on Jun 2, 2014
  16. strcoin referenced this in commit 4e9792e6ad on Jun 10, 2014
  17. iamunick referenced this in commit 0d1f65a9f2 on Jun 12, 2014
  18. palmd referenced this in commit 0ff399b94f on Nov 29, 2014
  19. lunokhod referenced this in commit 965c908b69 on Feb 26, 2015
  20. noise23 referenced this in commit 74398e9366 on Sep 18, 2015
  21. cryptokat referenced this in commit bc8d0cbc75 on Dec 28, 2017
  22. semuxgo referenced this in commit 8a6938f693 on Jun 11, 2018
  23. semuxgo referenced this in commit 28bbddfcc4 on Jun 11, 2018
  24. semuxgo referenced this in commit 8f808a5272 on Jun 11, 2018
  25. bitcoin locked this on Sep 8, 2021
Contributors
gavinandresenBitcoinPullTesterlaanwjsipagmaxwell
Linked (view graph)
#2838 Timing leak in RPC authentication#2845 Mitigate Timing Attacks On Basic RPC Authorization
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:55 UTC