The Problem
The admin revocation endpoint compares the bearer token using Go string equality:
```go
// drs-verify/pkg/revocation/admin_handler.go:53
if r.Header.Get("Authorization") != "Bearer "+token {
writeJSON(w, http.StatusUnauthorized, ...)
}
```
String comparison in Go short-circuits on the first differing byte. An attacker making repeated requests can measure response time differences to determine the token one byte at a time.
The codebase already uses `subtle.ConstantTimeCompare` in the DID resolver (`resolver/did.go:184`) and timestamp verification (`anchor/rfc3161.go:237`). The admin handler should do the same.
What Must Change
```go
import "crypto/subtle"
expected := "Bearer " + token
actual := r.Header.Get("Authorization")
if subtle.ConstantTimeCompare([]byte(expected), []byte(actual)) != 1 {
writeJSON(w, http.StatusUnauthorized, ...)
}
```
Severity
MEDIUM. Timing attacks against bearer tokens are theoretically possible but require many thousands of requests with sub-microsecond timing precision. In practice, network jitter makes this difficult over HTTP. But constant-time comparison is a one-line fix and the correct thing to do — especially when the rest of the codebase already does it.
The Problem
The admin revocation endpoint compares the bearer token using Go string equality:
```go
// drs-verify/pkg/revocation/admin_handler.go:53
if r.Header.Get("Authorization") != "Bearer "+token {
writeJSON(w, http.StatusUnauthorized, ...)
}
```
String comparison in Go short-circuits on the first differing byte. An attacker making repeated requests can measure response time differences to determine the token one byte at a time.
The codebase already uses `subtle.ConstantTimeCompare` in the DID resolver (`resolver/did.go:184`) and timestamp verification (`anchor/rfc3161.go:237`). The admin handler should do the same.
What Must Change
```go
import "crypto/subtle"
expected := "Bearer " + token
actual := r.Header.Get("Authorization")
if subtle.ConstantTimeCompare([]byte(expected), []byte(actual)) != 1 {
writeJSON(w, http.StatusUnauthorized, ...)
}
```
Severity
MEDIUM. Timing attacks against bearer tokens are theoretically possible but require many thousands of requests with sub-microsecond timing precision. In practice, network jitter makes this difficult over HTTP. But constant-time comparison is a one-line fix and the correct thing to do — especially when the rest of the codebase already does it.