On Fri, Dec 2, 2011 at 12:31 AM, Jon Callas <[email protected]> wrote:
>
> On Dec 1, 2011, at 2:37 PM, Jerrie Union wrote:
>
>> I’m wondering, if it’s running as some authenticated server application, if
>> it should be considered as resistant to time attacks nowadays. I’m aware that’s
>> not a good practice, but I’m not clear if I should consider it as exploitable
>> over the network (on both intranet and internet scenarios).
>>
>> I would like to run some tests, but I’m not sure if I should follow some
>> specific approach. Has anyone done some research recently?
>
> I agree with Ian. You have correctly observed that the check algorithm is not
> constant time. This is a flaw. But you're doing a hash, and consequently that
> flaw may not be observable. It is therefore a very small flaw.
If the attacker has direct control over the challenge/digest, the side channel may turn out to be observable. The attacker could adaptively query the authentication server and exploit the timing information to recover the hashed secret, gaining access. If the hash is not salted, a secret preimage can be found with a TMTO attack.

--
alfonso
blogs at http://Plaintext.crypto.lo.gy
tweets @secYOUre

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
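The point under discussion, a digest check that exits at the first differing byte versus one whose work is independent of where the bytes differ, as an added illustration that is not part of the thread. The server model, secret and digest values are constructed for this example; rather than measuring wall-clock time, which is noisy, the leaky check reports how many bytes it examined, since that is the quantity a timing side channel observes.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed example: a server stores the unsalted SHA-256 of a shared secret
# and checks a client-supplied digest against it.  Secret and digest are
# made up for this demonstration.
SECRET = b"constructed-example-secret"
STORED_DIGEST = hashlib.sha256(SECRET).digest()


def naive_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison: stops at the first differing byte.

    Returns (equal, bytes_examined).  The second value is the work the
    comparison did, which is what a timing side channel measures: the
    longer the matching prefix, the more bytes are examined.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def naive_check(candidate_digest: bytes) -> Tuple[bool, int]:
    """The leaky server-side check described in the thread."""
    return naive_equal(candidate_digest, STORED_DIGEST)


def hardened_check(candidate_digest: bytes) -> bool:
    """Constant-time comparison: work does not depend on where bytes differ."""
    return hmac.compare_digest(candidate_digest, STORED_DIGEST)


def hardened_check_rehash(candidate_digest: bytes) -> bool:
    """Second defensive layer: compare hashes of both values.

    Even if the comparison itself leaked, the client does not control which
    bytes of sha256(candidate) match sha256(stored), so the leak cannot be
    driven adaptively.
    """
    return hmac.compare_digest(
        hashlib.sha256(candidate_digest).digest(),
        hashlib.sha256(STORED_DIGEST).digest(),
    )


def candidate_with_prefix(k: int) -> bytes:
    """Build a wrong digest whose first k bytes match STORED_DIGEST and whose
    byte at index k is guaranteed to differ (XOR with 0xFF)."""
    return STORED_DIGEST[:k] + bytes(b ^ 0xFF for b in STORED_DIGEST[k:])


def naive_work_profile(prefix_lengths=(0, 1, 5, 31)) -> List[int]:
    """Bytes examined by naive_check for wrong digests with growing matching
    prefixes.  A rising profile is exactly the signal a timing attack needs."""
    return [naive_check(candidate_with_prefix(k))[1] for k in prefix_lengths]


def hardened_rejects_all(prefix_lengths=(0, 1, 5, 31)) -> bool:
    """Sanity check: both hardened checks reject every wrong digest."""
    return all(
        not hardened_check(candidate_with_prefix(k))
        and not hardened_check_rehash(candidate_with_prefix(k))
        for k in prefix_lengths
    )


if __name__ == "__main__":
    print("naive work profile:", naive_work_profile())  # [1, 2, 6, 32]
    print("naive accepts correct digest:", naive_check(STORED_DIGEST))
    print("hardened accepts correct digest:", hardened_check(STORED_DIGEST))
    print("hardened rejects wrong digests:", hardened_rejects_all())
```

The work profile grows with the length of the matching prefix only for the naive check; `hmac.compare_digest` examines every byte regardless, and re-hashing both sides before comparing removes the client's control over which bytes are compared even if the comparison primitive were imperfect. Neither change addresses the TMTO point raised above; that one needs a per-secret salt (or a keyed construction) so a precomputed table cannot be reused across secrets.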
