
Fix timing attack length leak in examples #28135

Merged

elithrar merged 2 commits into production from opencode/issue23623-20260206111551 on Feb 11, 2026

Conversation

ask-bonk bot (Contributor) commented Feb 6, 2026

All tasks complete. Here's a summary of the changes:

Changes made to src/content/docs/workers/examples/protect-against-timing-attacks.mdx

Problem: All three code examples (TypeScript, Python, Hono) returned early when the user input and secret had different lengths. This defeats the purpose of timing-safe comparison — an attacker could determine the exact length of the secret by measuring response times (early return vs. full comparison).

Fix applied across all three examples (TypeScript, Python, Hono):

  • Removed the early-return length checks
  • When lengths match: compare userValue against secretValue directly via timingSafeEqual
  • When lengths differ: compare userValue against itself (always true) and negate it (becomes false), ensuring a constant-time comparison always runs regardless of length mismatch
  • Added inline comments in each code block explaining why early returns must be avoided

Prose changes:

  • Added a :::caution admonition block explicitly warning users not to return early on length mismatch and explaining the correct pattern

Review results: All three code snippets pass correctness review — the timing-safe logic is sound, edge cases (empty Authorization header producing zero-length buffers) are handled correctly, and the timingSafeEqual API usage matches the Cloudflare Workers runtime.

Note: The basic-auth.mdx example has the same early-return vulnerability in its timingSafeEqual wrapper function. That's a separate issue worth a follow-up fix.

Closes #23623

github run

Co-authored-by: elithrar <elithrar@users.noreply.github.com>
github-actions bot (Contributor) commented Feb 6, 2026

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern /src/content/docs/workers/: owners @cloudflare/workers-docs, @GregBrimble, @irvinebroque, @mikenomitch, @korinne, @WalshyDev, @cloudflare/deploy-config, @cloudflare/pcx-technical-writing, @cloudflare/wrangler, @mattietk

elithrar (Collaborator) commented Feb 6, 2026

/bonk fix basic-auth.mdx too. Keep the change simple.

Replace early 'return false' on length mismatch with
'return !timingSafeEqual(aBytes, aBytes)' so a constant-time
comparison always runs, preventing an attacker from deducing the
secret length through response timing.
ask-bonk bot (Contributor, Author) commented Feb 6, 2026

Done. Changed both the JavaScript and TypeScript timingSafeEqual wrapper functions in basic-auth.mdx:

  • Before: return false when lengths differ — leaks the secret's length via timing.
  • After: return !crypto.subtle.timingSafeEqual(aBytes, aBytes) — always runs a constant-time comparison (comparing input against itself, then negating to still return false).

The Rust and Hono examples in that file don't use this wrapper pattern, so they weren't affected.

github run

elithrar enabled auto-merge (squash) February 6, 2026 12:14
elithrar merged commit 6278935 into production Feb 11, 2026
9 checks passed
elithrar deleted the opencode/issue23623-20260206111551 branch February 11, 2026 15:08

Labels: product:workers (Related to Workers product), size/s

Linked issue closed by this PR: "Using timingSafeEqual examples are not safe?" (#23623)