←back to thread

181 points saikatsg | 1 comments | | HN request time: 0.207s | source
Show context
miki123211 ◴[] No.42208092[source]
Timing attacks are such a pernicious idea.

You look at the code and see that there's an auth check in place, you test the code to verify that the auth check has no bugs, you make sure that information is never shared with people who don't have authorization to access it, and yet it turns out it can be accessed as if there was no auth check at all.

To make matters worse, everything can be fine for some time, and then some clever optimization in the CPU, the compiler, cache layer or the database engine introduces a completely unexpected side channel.

replies(2): >>42208294 #>>42214191 #
emilfihlman ◴[] No.42214191[source]
Fortunately a quick fix is to first go through a cryptographically secure trapdoor function that makes the initial check security time invariant, like with sha256 with a random salt, before checking exact byte matching.
replies(1): >>42216885 #
1. tptacek ◴[] No.42216885[source]
This is an old (and unpopular) countermeasure for simple string timing attacks, but that's not what this article is talking about and that countermeasure isn't reasonable in most of the cases Kettle is talking about.