Timing attack: Difference between revisions

From Hackepedia
Jump to navigationJump to search
← Older editNewer edit →
No edit summary
No edit summary
Line 1: Line 1:
If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database.  Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist.  OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening.  The code is in function [[fakepw]]() in auth.c of OpenSSH.
If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database.  Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist.  OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening.  The code is in function [[fakepw]]() in auth.c of OpenSSH.  Hindnote, this is a good thought but the fakepw() in openssh doesn't work when BSD_AUTH is defined, which it is by default.


It's good to implement decoys to timing attacks.
It's good to implement decoys to timing attacks.

Revision as of 01:19, 11 October 2005

If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the password database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the password crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function fakepw() in auth.c of OpenSSH. Hindnote, this is a good thought but the fakepw() in openssh doesn't work when BSD_AUTH is defined, which it is by default.

It's good to implement decoys to timing attacks.

Retrieved from "https://hackepedia.org/?title=Timing_attack&oldid=1855"