boogerlad/mj - Change RAN5QU4U2OVNLDGZVVTJNCXDN5GNAVPXGKHADZO2ML3Y5KLU4QPQC

replace blake2 with blake3. I think node being a wrapper around openSSL makes it slow. 481,000ops/s vs 1,970,000ops/s decrease token length and hash length to 128bits(argon2 waiting for pr to land: https://github.com/ranisalt/node-argon2/pull/266) https://security.stackexchange.com/questions/102157/do-you-need-more-than-128-bit-entropy "128 bits of entropy are enough. if you generate a 256-bit AES key from a 128-bit seed and a strong PRNG, then you do not really have a 256-bit key." https://crypto.stackexchange.com/a/29618 "if you had random binary tokens, a token longer than [hash function digest length]bits would be useless." hex encode instead of base64 there exists a timing attack via dictionary reduction on hash prefix discovery therefore, not applicable to lobomj. password hashes are salted(if the salt is known, so is the hash) and tokens are of sufficient entropy to make brute force/dictionary infeasible. https://github.com/codahale/bcrypt-ruby/pull/43#issuecomment-15797932 https://github.com/aj-code/TimingIntrusionTool5000/blob/master/TimingAttackPresentation2012.pdf slide 21 https://crypto.stackexchange.com/questions/25607 https://security.stackexchange.com/questions/9192 https://crypto.stackexchange.com/questions/40433 "If "honey7dew" is replaced by something with high entropy (hopeless to guess), there demonstrably is no attack enabled by timing of the comparison: if there was one, it would break the first preimage resistance of the hash."

Created by boogerlad on July 30, 2020

RAN5QU4U2OVNLDGZVVTJNCXDN5GNAVPXGKHADZO2ML3Y5KLU4QPQC

Dependencies

In channels

main

Change contents

Insertion in package-lock.json at line 250 [3.145]

[3.2709]

    "blake3": {
      "version": "2.1.4",
      "resolved": "https://registry.npmjs.org/blake3/-/blake3-2.1.4.tgz",
      "integrity": "sha512-70hmx0lPd6zmtNwxPT4/1P0pqaEUlTJ0noUBvCXPLfMpN0o8PPaK3q7ZlpRIyhrqcXxeMAJSowNm/L9oi/x1XA=="
    },

Insertion in package.json at line 13 [3.29376]
[3.29598]
[4.9820]
```
    "blake3": "^2.1.4",
```

Replacement in server.js at line 5 [5.590]

B:BD[5.999] → [5.999:1034]

const crypto = require('crypto');

[6.1871]

[7.187]

const { hash: blake3 } = require('blake3/dist/node');//wasm is faster than neon(node-native) for small inputs (16 bytes)

Replacement in server.js at line 10 [5.590]

B:BD[8.19515] → [8.19515:19572]

const randomBytes = util.promisify(crypto.randomBytes);

[8.19515]

[8.19572]

const randomBytes = util.promisify(require('crypto').randomBytes);

Replacement in server.js at line 83 [5.590]

B:BD[8.21038] → [8.21038:21409]

			let user = (await pool.query('select user_id, email, god, json_object_agg(store_id, owner) filter (where store_id is not null) as acl from usr left join user_store using (user_id) where token_hash = $1 and now() < token_expiry group by user_id', [crypto.createHash('BLAKE2b512').update(Buffer.from(ws.q.token, 'base64')).digest()])).rows[0];//possible timing attack?

[8.21038]

[8.21409]

			let user = (await pool.query('select user_id, email, god, json_object_agg(store_id, owner) filter (where store_id is not null) as acl from usr left join user_store using (user_id) where token_hash = $1 and now() < token_expiry group by user_id', [blake3(Buffer.from(ws.q.token, 'hex'), {length: 16})])).rows[0];

Replacement in server.js at line 111 [5.590]
B:BD[8.22200] → [8.22200:22240]
```
			let token = await randomBytes(128);
```
[8.22200]
[8.22240]
```
			let token = await randomBytes(16);
```

Replacement in server.js at line 130 [5.590]

B:BD[8.22666] → [8.22666:22821]

					crypto.createHash('BLAKE2b512').update(token).digest(),
					crypto.createHash('BLAKE2b512').update(Buffer.from(parameters.otp, 'base64')).digest()

[8.22666]

[8.22821]

					blake3(token, {length: 16}),
					blake3(Buffer.from(ws.q.otp, 'hex'), {length: 16})

Replacement in server.js at line 133 [5.590]
B:BD[8.22828] → [8.22828:22869]
```
			)).rows[0];//possible timing attack?
```
[8.22828]
[8.22869]
```
			)).rows[0];
```
Replacement in server.js at line 147 [5.590]
B:BD[8.23079] → [8.23079:23123]
```
				user.token = token.toString('base64');
```
[8.23079]
[8.23123]
```
				user.token = token.toString('hex');
```

Replacement in server.js at line 258 [5.590]

B:BD[7.624] → [7.624:879]

					let token = await randomBytes(128);
					if((await pool.query(`update usr set otp_expiry = now() + interval '5 minute', otp_hash = $2 where email = $1`, [parameters.email, crypto.createHash('BLAKE2b512').update(token).digest()])).rowCount === 1) {

[7.624]

[7.879]

					let token = await randomBytes(16);
					if((await pool.query(`update usr set otp_expiry = now() + interval '5 minute', otp_hash = $2 where email = $1`, [parameters.email, blake3(token, {length: 16})])).rowCount === 1) {
						token = token.toString('hex');

Replacement in server.js at line 265 [5.590]

B:BD[7.1036] → [7.1036:1292]

							html: `<a href="https://www.lobojane.com/user?otp=${token.toString('base64')}">idk</a><div>Alternatively, copy and paste <code>${token.toString('base64')}</code> into the input field</div>if this wasn't you, let us know by replying to this email.`

[7.1036]

[7.1292]

							html: `<a href="https://www.lobojane.com/user?otp=${token}">idk</a><div>Alternatively, copy and paste <code>${token}</code> into the input field</div>if this wasn't you, let us know by replying to this email.`

Replacement in server.js at line 290 [5.590]
B:BD[7.1974] → [7.1974:2016]
```
					let token = await randomBytes(128);
```
[7.1974]
[8.26188]
```
					let token = await randomBytes(16);
```

Replacement in server.js at line 309 [5.590]

B:BD[8.26650] → [8.26650:26809]

							crypto.createHash('BLAKE2b512').update(token).digest(),
							crypto.createHash('BLAKE2b512').update(Buffer.from(parameters.otp, 'base64')).digest()

[8.26650]

[8.26809]

							blake3(token, {length: 16}),
							blake3(Buffer.from(parameters.otp, 'hex'), {length: 16})

Replacement in server.js at line 312 [5.590]
B:BD[8.26818] → [8.26818:26861]
```
					)).rows[0];//possible timing attack?
```
[8.26818]
[7.2411]
```
					)).rows[0];
```
Replacement in server.js at line 390 [5.590]
∅:D[8.29739] → [7.2655:2701]
B:BD[7.2655] → [7.2655:2701]
```
						user.token = token.toString('base64');
```
[8.29739]
[7.2701]
```
						user.token = token.toString('hex');
```

Replacement in server.js at line 417 [5.590]

B:BD[5.1734] → [8.30078:30121]

						let token = await randomBytes(128);

[5.1734]

[8.30121]

						let token = await randomBytes(16);

Replacement in server.js at line 433 [5.590]

B:BD[8.30599] → [8.30599:30664]

								crypto.createHash('BLAKE2b512').update(token).digest(),

[8.30599]

[8.30664]

								blake3(token, {length: 16}),

Replacement in server.js at line 439 [5.590]

B:BD[8.30779] → [2.0:109]

							data: {token: token.toString('base64')}/*sharedworker needs to intercept this and emit virtual event

[8.30779]

[8.30879]

							data: {token: token.toString('hex')}/*sharedworker needs to intercept this and emit virtual event

Replacement in server.js at line 511 [5.590]

B:BD[5.2852] → [5.2852:2897]

								let token = await randomBytes(128);

[9.5536]

[8.31741]

								let token = await randomBytes(16);

Replacement in server.js at line 513 [5.590]

B:BD[8.31787] → [8.31787:31990]

								await client.query('update usr set token_hash = $1 where user_id = $2', [crypto.createHash('BLAKE2b512').update(token).digest(), user.user_id]);//update to blake3 once it's available in openSSL

[8.31787]

[8.31990]

								await client.query('update usr set token_hash = $1 where user_id = $2', [blake3(token, {length: 16}), user.user_id]);

Replacement in server.js at line 582 [5.590]

B:BD[8.34899] → [8.34899:35008]

								//yuck, since json can't send binary, need to base64 encode. fyi base64 is smaller than hex(base16)

[8.34899]

[6.2229]

								//yuck, since json can't send binary, need to hex encode. fyi base64 is smaller than hex(base16), but after compressing, hex is smaller. also base64 has issues with regards to url encoding, and slower than hex

Replacement in server.js at line 587 [5.590]

B:BD[6.2515] → [8.35009:35089]

									data: {token: token.toString('base64'), god: user.god, acl: user.acl}

[6.2515]

[6.2536]

									data: {token: token.toString('hex'), god: user.god, acl: user.acl}

Replacement in server.js at line 602 [5.590]

B:BD[6.3314] → [6.3314:3359]

								let token = await randomBytes(128);

[6.3279]

[8.35425]

								let token = await randomBytes(16);

Replacement in server.js at line 604 [5.590]

B:BD[8.35471] → [8.35471:35761]

								await client.query('update usr set token_hash = $1, passphrase_hash = $3, webportal_hash = null where user_id = $2', [crypto.createHash('BLAKE2b512').update(token).digest(), user.user_id, await argon2.hash(parameters.passphrase)]);//update to blake3 once it's available in openSSL

[8.35471]

[8.35761]

								await client.query('update usr set token_hash = $1, passphrase_hash = $3, webportal_hash = null where user_id = $2', [blake3(token, {length: 16}), user.user_id, await argon2.hash(parameters.passphrase)]);

Replacement in server.js at line 673 [5.590]

B:BD[8.38670] → [8.38670:38779]

								//yuck, since json can't send binary, need to base64 encode. fyi base64 is smaller than hex(base16)

[8.38670]

[10.1687]

								//yuck, since json can't send binary, need to hex encode. fyi base64 is smaller than hex(base16), but after compressing, hex is smaller. also base64 has issues with regards to url encoding, and slower than hex

Replacement in server.js at line 678 [5.590]

B:BD[5.3500] → [8.38780:38860]

									data: {token: token.toString('base64'), god: user.god, acl: user.acl}

[5.3500]

[5.3521]

									data: {token: token.toString('hex'), god: user.god, acl: user.acl}