Hi Lester,
On Thu, Feb 6, 2014 at 2:49 PM, Lester Caine <[email protected]> wrote:
> Rouven Weßling wrote:
>
>> Hiding a string length is really tricky, and only possible to a more
>>> >limited extent than hiding byte value differences.
>>>
>> That's probably a good conclusion. I think we should just document this
>> as potentially leaking information about the length. If we do find ways to
>> reduce this, by all means, we should take them.
>>
>
> Another one of my silly questions ...
> What exactly are we trying to protect against?
> As I understand it, the 'timing attack' is measuring the time it takes to
> get a response form a login attempt? It is then using the time to make
> assumptions about valid and invalid user names? So having got what it
> thinks is a valid name it can then target an attack for the password? My
> own accesses to this information are direct to a database query so none of
> the comparisons you are looking at affect me, but at the PHP level I add
> delays based on previous failures, so three attempts at a login give a
> longer delay. One protects against the password attack rather than worrying
> too much about if the user name is valid? In most cases a public email
> address is also the user name anyway?
Timing attack can be used to guess hash itself, one by one.
There are many use cases that may be attacked by timing. e.g. API key
This way, unbreakable random hash may be broken relatively easy.
Regards,
--
Yasuo Ohgaki
[email protected]