Timing attack - Revision history

Mouring at 04:50, 15 February 2006

2006-02-15T04:50:01Z

← Older revision		Revision as of 21:50, 14 February 2006
Line 1:		Line 1:
	If you ~~do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal~~ a ~~number~~ of ~~things~~, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH. Hindnote, ~~this is a good thought but the fakepw(~~) ~~in openssh doesn~~'t ~~work when BSD_AUTH is defined, which it is by default~~.		Timing attacks are attacks where you attempt to gleam information from a stream of communications (audio, digital, visual, etc) that wouldn't be normally avaliable.

	It'~~s good~~ to ~~implement decoys~~ to ~~timing attacks~~.		== Audio ==

			Studies have shown that recording the time between hitting keys on the keyboard can shorten the number of letters you need to try in order to less the amount of letters needed to guess the password. These attacks have also been discussed in terms of ATM machines and other places where single factor password authentication is required.

			== Digital ==

			These attacks are done on streaming data within a network environment.

			=== Not Sending Critical Data ===

			Some SSH implementations had an issue when data was not being echoed back to the user that you'd see packets sent from the user to the server, but you'd not see the equal packets pass back to the user. These normally occurred when using 'su' or any program that turned off shell echo. These type of attack alert the attacker that the data being sent could be critical (password, SSH passphrase, etc).

			=== Timing in Critical Periods ===

			These are in theory the same as the audio problem. The time it takes for a response could leak critical information. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH. Hindnote, this is a good thought but the fakepw() in openssh doesn't work when BSD_AUTH is defined, which it is by default.

			== Visual ==

			Systems that show a character for each character could leak the length of passwords or passphrases. There was a study that flashing modem lights could leak such information.

Pbug at 08:19, 11 October 2005

2005-10-11T08:19:22Z

← Older revision		Revision as of 01:19, 11 October 2005
Line 1:		Line 1:
	If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH.		If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH. Hindnote, this is a good thought but the fakepw() in openssh doesn't work when BSD_AUTH is defined, which it is by default.

	It's good to implement decoys to timing attacks.		It's good to implement decoys to timing attacks.

Pbug at 07:42, 11 October 2005

2005-10-11T07:42:15Z

← Older revision		Revision as of 00:42, 11 October 2005
Line 1:		Line 1:
	If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH.		If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH.

			It's good to implement decoys to timing attacks.

Pbug at 07:41, 11 October 2005

2005-10-11T07:41:39Z

New page

If you do network communication and one link sends data, does some computation and sends more data the time between those two sends can reveal a number of things, like how many cpu cycles could have been spent in all that time, similarely how many lines in a flat file traversed or whether or not a person is in a password database. Consider the [[password]] database if you login as any user that doesn't exist in the system the natural execution of code is to look up that user in the database and then compare the [[password]] crypts of that user, or not if the user doesn't exist. OpenSSH protects against someone trying to determine what users are on a system or not by still comparing a user to a dummy hash so that it looks like there is an actual crypt comparison happening. The code is in function [[fakepw]]() in auth.c of OpenSSH.