Re: Security Diligence

From: Lester Caine
Date: Sat, 08 Feb 2014 21:15:28 +0000
Subject: Re: Security Diligence
References: 1 2 3 4 5
Groups: php.internals
Rasmus Lerdorf wrote:
> On Feb 8, 2014, at 9:23, Lester Caine <[email protected]> wrote:
>
>> Specifically looking at the 'timing attack', as I understand it, if a comparison process scans all elements and simply sets a flag when failure is detected which is not used until all characters have been processed. Which is the reason for establishing 'safely' the number of characters involved. Using 64bit functions rather than 32bit will also change the way that process works?
>
> I think the one simple detail you are missing is that many/most string comparisons will short-circuit as soon as it hits a character that doesn't match.
>
>> But why on earth on 64 bit processors are we still comparing 'byte by byte'?
>>
>> From the Firebird list ...
>>> Ok, let's look at theory: to let this attack to be possible there must be a correlation between system response time and the distance between attempted password and right password in any functional space. I can imagine encrypting algorithm for which it is true, but SHA1 used in Firebird or MD5 used in Linux are different. They work not with every symbol of password and key separately, but with whole fixed size array of bytes, filling the rest of the buffer with zeros or salt. In this case (as I already said) there is no correlation between working time and buffer content (O(N) = N/sizeof(buffer) which for N<sizeof(buffer) == 1), so timing attack is not possible. I would say that your passwords are out of danger.
>>
>> Even on a 32bit system you would be comparing 4 bytes at a time not one ... The attack will only work if one slowly compares a byte at a time?
>
> If you think about that a little bit I am sure you can think of a nice algorithm for narrowing in on the password character by character. That is, if 'aaaa' consistently takes longer to compare against the password compared to 'bbbb' then there is a good chance that the first character of the password is 'a'. Looking at the firebird implementation that seems to be the case there as well. Of course, network jitter and other factors make this a complicated attack, but that doesn't change the fact that there is a faint signal there and with enough iterations it has been proven to be possible to separate that signal from the noise. As a fun little experiment for yourself, try implementing an iterative timing attack against your local Firebird database password and see if you can find the signal in the noise.

While an 8 character password is considered unsafe, it is only a single compare on a 64 bit system? But then this is one of the areas which then causes problems if you now want to use multi-byte characters :(

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
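The exchange above turns on whether comparing 4 or 8 bytes per step removes the signal a short-circuiting comparison leaks. The following is an added illustration, not code from this thread, from PHP or from Firebird: it pads both inputs into a fixed-size buffer of 64-bit words (as the Firebird quote describes), compares them one word at a time, and counts how many words each strategy examines before it decides. Counting work instead of measuring wall-clock time keeps the demonstration deterministic; on a real system the extra words examined are what show up as extra time. The strings, buffer size and function names are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the thread, PHP or Firebird): word-wise
   comparison of zero-padded buffers, counting the words examined. */

#define WORD_BYTES 8   /* one 64-bit compare per step, as on a 64-bit CPU */
#define MAX_WORDS 16   /* buffers of up to 128 bytes */

/* Copy s into a zero-padded buffer of nwords words (the Firebird quote's
   "fixed size array of bytes, filling the rest of the buffer with zeros"). */
static void pad_into(const char *s, uint64_t *buf, size_t nwords) {
    size_t len = strlen(s);
    if (len > nwords * WORD_BYTES) len = nwords * WORD_BYTES;
    memset(buf, 0, nwords * sizeof *buf);
    memcpy(buf, s, len);
}

/* Short-circuiting comparison: stops at the first mismatching word.
   Returns 1 if equal, else 0. If steps is non-NULL it receives the number
   of words examined, which grows with the length of the matching prefix,
   so the leak is at 8-byte rather than 1-byte granularity, but still there. */
int short_circuit_equal(const char *a, const char *b, size_t nwords, size_t *steps) {
    uint64_t wa[MAX_WORDS], wb[MAX_WORDS];
    if (nwords > MAX_WORDS) nwords = MAX_WORDS;
    pad_into(a, wa, nwords);
    pad_into(b, wb, nwords);
    for (size_t i = 0; i < nwords; i++) {
        if (wa[i] != wb[i]) {
            if (steps) *steps = i + 1;   /* bailed out early */
            return 0;
        }
    }
    if (steps) *steps = nwords;
    return 1;
}

/* Constant-time variant: OR the XOR of every word into an accumulator and
   inspect the result only at the end, so every call examines all nwords
   words regardless of where (or whether) the inputs differ. */
int constant_time_equal(const char *a, const char *b, size_t nwords, size_t *steps) {
    uint64_t wa[MAX_WORDS], wb[MAX_WORDS], acc = 0;
    if (nwords > MAX_WORDS) nwords = MAX_WORDS;
    pad_into(a, wa, nwords);
    pad_into(b, wb, nwords);
    for (size_t i = 0; i < nwords; i++)
        acc |= wa[i] ^ wb[i];
    if (steps) *steps = nwords;
    return acc == 0;
}

/* Convenience wrappers that return only the amount of work done. */
size_t steps_short_circuit(const char *a, const char *b, size_t nwords) {
    size_t s = 0;
    short_circuit_equal(a, b, nwords, &s);
    return s;
}
size_t steps_constant_time(const char *a, const char *b, size_t nwords) {
    size_t s = 0;
    constant_time_equal(a, b, nwords, &s);
    return s;
}

int main(void) {
    /* Constructed sample: a 13-byte secret compared in four 8-byte words. */
    const char *secret = "correct horse";
    const char *guesses[] = { "xxxxxxxx", "correct xxxxx", "correct horse" };
    for (int i = 0; i < 3; i++)
        printf("%-14s short-circuit: %zu word(s)   constant-time: %zu word(s)\n",
               guesses[i],
               steps_short_circuit(secret, guesses[i], 4),
               steps_constant_time(secret, guesses[i], 4));
    return 0;
}
```

With a four-word buffer the short-circuit path examines 1 word for a guess whose first 8 bytes are wrong, 2 words once the first 8 bytes match, and all 4 for the correct value, while the constant-time path examines 4 every time. Widening the compare unit only coarsens the signal; removing it means never branching on partial results, which is what a dedicated constant-time comparison function (PHP later shipped hash_equals() for this purpose) does.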
