Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-1385

Add a hash comparision function to OTP?



    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Do
    • Affects Version/s: 24.0
    • Fix Version/s: None
    • Component/s: crypto
    • Labels:


      Crypto has since a time had an undocumented function crypto:equal_const_time/2 with the purpose of comparing two binaries or two strings without revealing at which position  a possible miss-match is.

      The Pull Request PR-2749 suggested a NIF implementation, and later the PR-2778 suggested the same as a BIF since crypto is not available if not a cryptolib is available.

      At the OTP Technical Board 2020-10-15 both PRs have been rejected, and the following were noted for a future possible implementation of such a function as public:

      If we add a function like this it should belong to crypto and should be named hash_equals/2.

      The type spec should be hash_equals(Arg1::binary(), Arg2::binary() ) -> true | false.

      If the size of Arg1 and Arg2 differs it should crash to make it obvious for the user that the function is intended to be used for comparing hash values where the length is known. The use for comparing for example plain text passwords of different lengths is not a supported use case and with a crash for unequal lengths we make that obvious. We also think the function should be implemented in Erlang (we already have such an implementation) as long as there is no public function in OpenSSLs crypto lib that can be used. We might change the implementation if such a function is made public in OpenSSL.

      Before taking the final decision we want to know more about the use cases outside SSL and SSH where a function like this should be used. This in order to judge if the function and placement in crypto is the most useful one. The rationale to put the function in crypto is that if a user is dealing with something that is supposed to be safe then crypto is also needed. And if some other crypto solution is used then a "secure" compare should be available in that solution/library as well.

      Answers? Questions? Comments? Login to make a Comment.




            hans Hans Nilsson
            hans Hans Nilsson
            0 Vote for this issue
            4 Start watching this issue