scf@ieee.org wrote:
Howards mentioned in another wrongly submitted issue (#9139) that "memcmp.c isn't even referenced in the Makefile, so none of this code is used." Here is the clarification: even if memcmp.c is not used, gcc or other compilers' implementations of memcmp are still unsafe (https://github.com/gcc-mirror/gcc/blob/master/libiberty/memcmp.c).
Even so, it's largely irrelevant. The default password storage scheme is a salted hash, not CLEARTEXT. The cleartext code isn't even compiled unless you explicitly configure to enable SLAPD_CLEARTEXT, and that is always disabled by default.
In the normal case, where any form of hash is used, the likelihood of gaining any useful timing information from a bytewise compare of two hashes is nil. The attacker would need to know the salt and the hash algo itself would have to be vulnerable to chosen-plaintext attacks for them to be able to leverage the timing and determine match lengths.
Can you actually demonstrate a password extraction attack using memcmp timing side-channel against salted SHA1?
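
Added example, not part of either message and not OpenLDAP code: it computes what an early-exit bytewise compare exposes through timing (the count of leading bytes that agree) when the stored value is cleartext and when it is a salted SHA-1 digest. The password, salt, guess padding and function names are constructed for illustration; the digest is taken over password followed by salt.

```python
import hashlib
import hmac

PASSWORD = b"hunter2"             # constructed sample secret
SALT = bytes.fromhex("a1b2c3d4")  # constructed sample salt


def match_len(a: bytes, b: bytes) -> int:
    """Leading bytes that agree: the quantity an early-exit compare leaks."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def salted_sha1(password: bytes, salt: bytes) -> bytes:
    """SHA-1 over password followed by salt (20-byte digest)."""
    return hashlib.sha1(password + salt).digest()


def guesses() -> list:
    """Guesses sharing 0..len(PASSWORD) leading bytes with the secret."""
    return [PASSWORD[:i] + b"#" * (len(PASSWORD) - i)
            for i in range(len(PASSWORD) + 1)]


def cleartext_leak() -> list:
    """Match length per guess when the stored value is the cleartext."""
    return [match_len(g, PASSWORD) for g in guesses()]


def hashed_leak() -> list:
    """Match length per guess when the stored value is a salted digest."""
    stored = salted_sha1(PASSWORD, SALT)
    return [match_len(salted_sha1(g, SALT), stored) for g in guesses()]


def constant_time_check(guess: bytes) -> bool:
    """Comparison whose duration does not depend on where the bytes differ."""
    return hmac.compare_digest(salted_sha1(guess, SALT),
                               salted_sha1(PASSWORD, SALT))


if __name__ == "__main__":
    print("cleartext:", cleartext_leak())
    print("salted   :", hashed_leak())
```

With cleartext the match length tracks how much of the guess is right; with the salted digest it only reaches the full 20 bytes for the exact password.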