On Fri, Dec 2, 2011 at 12:31 AM, Jon Callas <[email protected]> wrote:
>
> On Dec 1, 2011, at 2:37 PM, Jerrie Union wrote:
>
>> I’m wondering, if it’s running as some authenticated server application, if
>> it should be considered as resistant to time attacks nowadays. I’m aware that’s
>> not a good practice, but I’m not clear if I should consider it as exploitable
>> over the network (on both intranet and internet scenarios).
>>
>> I would like to run some tests, but I’m not sure if I should follow some
>> specific approach. Has anyone done some research recently?
>
> I agree with Ian. You have correctly observed that the check algorithm is not 
> constant time. This is a flaw. But you're doing a hash, and consequently that 
> flaw may not be observable. It is therefore a very small flaw.

If the attacker has direct control over the challenge/digest, the side
channel may turn out to be observable. The attacker could adaptively query
the authentication server and exploit the timing information to
recover the hashed secret - gaining access. If the hash is not salted,
a secret preimage can be found with a TMTO attack.

-- alfonso     blogs at http://Plaintext.crypto.lo.gy   tweets @secYOUre
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
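The adaptive attack alfonso sketches, as an added worked example that is not part of the thread and not code from any of the posters: a server that checks a client-supplied digest with an early-exit byte loop, an attacker that recovers the stored digest one byte at a time by keeping whichever guess "ran longest", and the same attack failing against hmac.compare_digest. Timing is modelled, not measured: the leaky check counts how many bytes it examined before bailing out, standing in for the wall-clock delta a real attacker would estimate from many samples over the network. The final helper shows why an unsalted hash makes the recovered digest worse than a single-account compromise: it is a direct key into a precomputed table. All names, the secret and the word list are constructed for this example.

```python
"""Adaptive timing attack against an early-exit digest compare (added example)."""
import hashlib
import hmac
from typing import Dict, Optional, Sequence

# Constructed for the example: the secret the server stores a hash of.
SECRET = b"correct horse battery staple"
STORED_DIGEST = hashlib.sha256(SECRET).digest()


class LeakyServer:
    """Authenticator whose digest comparison returns as soon as a byte differs."""

    def __init__(self, stored_digest: bytes) -> None:
        self.stored = stored_digest
        self.steps = 0  # simulated timing: bytes examined by the last check

    def check(self, submitted: bytes) -> bool:
        self.steps = 0
        if len(submitted) != len(self.stored):
            return False
        for a, b in zip(submitted, self.stored):
            self.steps += 1
            if a != b:
                return False  # early exit leaks the index of the first mismatch
        return True


class ConstantTimeServer(LeakyServer):
    """Same interface, but the comparison does the same work for every input."""

    def check(self, submitted: bytes) -> bool:
        self.steps = len(self.stored)  # work does not depend on the input
        return hmac.compare_digest(submitted, self.stored)


def recover_digest(server: LeakyServer, length: int) -> Optional[bytes]:
    """Fix one byte at a time, keeping the candidate whose check ran longest.

    Against LeakyServer a wrong byte at position i costs i+1 steps and the
    right byte at least i+2, so the maximum is unique. Against
    ConstantTimeServer every candidate costs the same and the attack
    degrades to blind guessing; None is returned when it fails.
    """
    guess = bytearray(length)
    for i in range(length):
        best_byte, best_steps = 0, -1
        for candidate in range(256):
            guess[i] = candidate
            if server.check(bytes(guess)):
                return bytes(guess)  # only reachable when every byte is right
            if server.steps > best_steps:
                best_byte, best_steps = candidate, server.steps
        guess[i] = best_byte
    return None


# Constructed word list; a real attacker would use a large dictionary or a
# rainbow table, which is the time/memory trade-off the thread refers to.
WORDLIST = [b"password", b"hunter2", b"letmein", SECRET, b"Tr0ub4dor&3"]


def preimage_from_wordlist(digest: bytes, words: Sequence[bytes]) -> Optional[bytes]:
    """Unsalted hash: one precomputed table answers the lookup for any account."""
    table: Dict[bytes, bytes] = {hashlib.sha256(w).digest(): w for w in words}
    return table.get(digest)


if __name__ == "__main__":
    leaked = recover_digest(LeakyServer(STORED_DIGEST), len(STORED_DIGEST))
    print("leaky server   :", leaked == STORED_DIGEST)
    safe = recover_digest(ConstantTimeServer(STORED_DIGEST), len(STORED_DIGEST))
    print("constant-time  :", safe is None)
    print("preimage       :", preimage_from_wordlist(leaked or b"", WORDLIST))
```

The recovered digest is enough on its own to authenticate, which is the "gaining access" in the post; the table lookup only matters because the hash is unsalted, so the same precomputation serves every account that stores that digest.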
