Hi all,
On Fri, Feb 7, 2014 at 9:32 AM, Tjerk Meesters <[email protected]>wrote:
> > Hi all,
> >
> > On 6 February 2014 23:18, Lester Caine <[email protected]> wrote:
> > > Yasuo Ohgaki wrote:
> > >>
> > >> Timing attack can be used to guess hash itself, one by one.
> > >> There are many use cases that may be attacked by timing. e.g. API key
> > >> This way, unbreakable random hash may be broken relatively easy.
> > >
> > >
> > > What I am missing Yasuo is a practical example of how this can be
> > actioned
> > > as my normal methods would simply delay any following attempt to use a
> > hash
> > > after a few failed attempts. That should be normal practice to block a
> > hack
> > > attempt?
> >
> > I can run a server indefinitely. So can an attacker. What you're
> > saying is that a time delay is added to lock an account. If you
> > compare that to a timing attack requiring 1000 requests (assumed) with
> > a 3 second inter-request delay from your measure, you end up with a
> > total execution time of one hour (approx).
>
>
> I think he meant that the server responds immediately, but the login will
> fail when attempted before the imposed time-out has run its course. If the
> server actually sleeps for a few seconds it becomes a DoS target.
iptables is our friend. hashlimit is useful.
Regards,
P.S. I mixed up something with xxhash in previous mail. Google provides
32bit version now.
https://code.google.com/p/xxhash/
P.S2. I've update compare sample.
https://github.com/yohgaki/php-src/compare/PHP-5.6-rfc-hash-compare
There are functions to play with.
bool str_siphash_compare(str, str) - siphash(64bit)
bool str_xxhash32_compare(str, str) - xxhash(32bit)
bool str_md5_compare(str, str) - md5 hash(128bit)
bool str_byte_compare(str, str) - timing safe
bool str_compare(str, str) - normal strncmp
--
Yasuo Ohgaki
[email protected]