I filed this bug against keystone because it is the most practically exploitable. Everywhere else that uses a tokenized API or signatures should be audited.
For those who haven't encountered them before: the timing attacks I'm reporting here allow an attacker to deduce the correct value of an authentication token in far fewer attempts than a brute-force search, whenever that token is validated with a simple equality comparison.
A quick and easy introduction:
Some practical recent research:
(the actual presentation)
Keystone uses passlib to hash and compare user passwords. This is good, because it includes an opaque password validity check which is hardened against timing attacks.
Unfortunately, most of the other token validation routines in OpenStack use equality comparisons for this, rather than a constant-time compare function like this one:
Here are a few examples of brokenness. There are probably quite a few more; I haven't done a full audit.
This one is more subtle: given a valid token, it allows an attacker to deduce the correct username.
While these vulnerabilities may be difficult to exploit over the general internet, an OpenStack installation can expect an attack from a compromised node, which may be as far away as gigabit switched Ethernet, or as close as a VM container on the same physical host. In the latter case, timing attacks even against string comparisons are eminently practical.
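As an added example (not the reporter's code and not anything from keystone or OpenStack), here is the naive equality check beside a constant-time comparison, plus the standard-library routine a token check should call instead of `==`; the token value is constructed for illustration:

```python
import hmac


def compare_naive(expected: bytes, candidate: bytes) -> bool:
    """Vulnerable: ``==`` returns at the first mismatching byte, so the
    elapsed time grows with the length of the matching prefix and an
    observer can confirm a guessed token one byte at a time."""
    return expected == candidate


def compare_constant_time(expected: bytes, candidate: bytes) -> bool:
    """Hardened: touch every byte and fold all differences into one
    accumulator, so runtime does not depend on where the mismatch is.

    Tokens are fixed-length, so revealing a length mismatch is harmless;
    the loop still runs over the candidate so that branch is not faster.
    """
    if len(expected) != len(candidate):
        other = candidate        # burn comparable time, then reject
        mismatch = 1
    else:
        other = expected
        mismatch = 0
    for a, b in zip(other, candidate):   # bytes iterate as ints
        mismatch |= a ^ b
    return mismatch == 0


def validate_token(stored_token: str, presented_token: str) -> bool:
    """What a keystone-style token check should do: call the stdlib's
    hmac.compare_digest (Python 2.7.7+/3.3+) rather than ``==``."""
    return hmac.compare_digest(stored_token.encode("utf-8"),
                               presented_token.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample token (not a real keystone token).
    token = b"9f3c2a7b1e5d4c8a0b6f2e1d3c5a7b9e"
    near_miss = token[:-1] + b"0"        # differs only in the last byte
    print("naive:", compare_naive(token, near_miss))
    print("constant-time:", compare_constant_time(token, near_miss))
    print("stdlib:", validate_token(token.decode(), near_miss.decode()))
```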
Timing attacks are one of the topics I'll be discussing at PyCon on March 9. It would be nice to have these fixed before then.