Collaborate Disseminate
I’m using Rust to create a program to attempt a timing attack on a network resource (a printer I lost a password to). I’m wired directly into it. What Linux environmental constraints can I optimize to minimize noise and variability?
Curren… Continue reading What optimization can be made for nanosecond IO and CPU stability when performing a timing attack?
Context
I’ve been recently looking at UUIDs (mostly v4) and their uses to maybe start using them in some of my apps. I started asking myself some question about security as one does. Then I fell on the Is it safe to rely on UUIDs for priva… Continue reading Are webservers’s file serving safe against timing attacks?
I am using bcrypt.js for basic login. I have found that the below code runs noticeably quicker when no user is found, since it exits immediately, and no check is done on the hash. This could give an attacker insight into whether a username… Continue reading Timing Attack using bcrypt.js
Premise: When looking up a secret value in a DB (API key, token, maybe username) it’s near-impossible to guarantee that the lookup doesn’t leak something about the similarity of the candidate value to an existing value. So it makes sense t… Continue reading Constant-time processing only for failures okay?
Conditional code considered cryptographically counterproductive. Continue reading Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English… Continue reading OpenSSL fixes High Severity data-stealing bug – patch now!
If I have sensitive HTTP routes that could be subject to timing attacks (trying to guess an ID, user, etc.), is there a way without modifying the application code that it could be wrapped with a network tweak, proxy, or some other program … Continue reading Is there a generic way to prevent HTTP timing attacks for sensitive requests?
I have a application where users can log in by providing a username or email address (both case insensitive) and a password. In the users table in the database, the relevant account information is stored in three columns lowercase_usernam… Continue reading What are best practices for finding an account in a SQL database during authentication? Is using `LIMIT 1` vulnerable to timing attacks?
This question is purely theoretical, I have no intention of ever implementing this scheme in practice. I’m familiar with the shortcomings of sleeping as means of mitigating timing attacks. I’m more interested in this from the attacker’s pe… Continue reading Does this theoretical salted-hash-sleep scheme mitigate timing attacks?
Here is the code which potentially can allow a timing attack
$user = getUserFromDatabase($input_username);
if ($user === false) { // potential timing attack
// user not exist
http_response_code(401);
echo json_encode(["me… Continue reading How to prevent a timing attack when I do/don’t perform password_verify (depending if the user exists)?