Timing attack with PHP

Asked
Active3 hr before
Viewed126 times

5 Answers

timing
90%

"binary safe" means that any bytes can be safely compared with strcmp, not just valid characters in some character set. A quick test confirms that strcmp is not safe against timing attacks:,strcmp - what is means "Binary safe string comparison"? This compare is safe for the timing attack?,it tests a 512bit text and it compares with two tests and compares the times.,The problem with strcmp is, that it depends on implementation. If it binarily compares each byte of strings until it reaches difference or end of either strings, then it is vulnerable to timing attack.

"binary safe" means that any bytes can be safely compared with strcmp, not just valid characters in some character set. A quick test confirms that strcmp is not safe against timing attacks:

$nchars = 1000;
$s1 = str_repeat('a', $nchars + 1);
$s2 = str_repeat('a', $nchars).
'b';
$s3 = 'b'.str_repeat('a', $nchars);

$times = 100000;

$start = microtime(true);
for ($i = 0; $i < $times; $i++) {
   strcmp($s1, $s2);
}
$timeForSameAtStart = microtime(true) - $start;

$start = microtime(true);
for ($i = 0; $i < $times; $i++) {
   strcmp($s1, $s3);
}
$timeForSameAtEnd = microtime(true) - $start;

printf("'b' at the end: %.4f\n'b' at the front: %.4f\n", $timeForSameAtStart, $timeForSameAtEnd);
load more v
88%

1. What Is A Remote Timing Attack?1.1. Protecting Against Comparison Attacks,2. Other Types Of Timing Attacks - Index Lookup2.1. Defense Against Cache-Timing Attacks:,An interesting pull request has been opened against PHP to make bin2hex() constant time. This has lead to some interesting discussion on the mailing list (which even got me to reply :-X). There has been pretty good coverage over remote timing attacks in PHP, but they talk about string comparison. I’d like to talk about other types of timing attacks.,2.1. Defense Against Cache-Timing Attacks:

So in this case, you’d do something like hashing the user input with a local secret to determine the delay to use:

function delay($input, $secret_key) {
   $hash = crc32(serialize($secret_key.$input.$secret_key));
   // make it take a maximum of 0.1 milliseconds
   time_nanosleep(0, abs($hash % 100000));
}
load more v
72%

This function should be used to mitigate timing attacks; for instance, when testing crypt() password hashes. ,hash_equals — Timing attack safe string comparison, It is important to provide the user-supplied string as the second parameter, rather than the first. , Both arguments must be of the same length to be compared successfully. When arguments of differing length are supplied, FALSE is returned immediately and the length of the known string may be leaked in case of a timing attack.

bool(true)
bool(false)
65%

A timing attack is a rather sophisticated way to circumvent the security mechanisms of an application. In a timing attack, the attacker gains information that is indirectly leaked by the application. This information is then used for malicious purposes, such as guessing the password of a user.,Finally, monitoring user activity and blocking brute-force attacks through rate limiting help identify this type of attack and is generally advisable.,In this example, we are examining a web-based document storage application that allows users to access their data through an HTTP-based API., Invaluable insights into the state of security in your application

def authenticate(subdomain, api_key)
customer = Customer.find_by_subdomain(subdomain)

if customer
if api_key == customer.api_key # Timing attack vector
return customer
else
   raise 'Invalid API key'
end
else
   raise 'No customer was found'
end
end
load more v
75%

hash_equals — Timing attack safe string comparison, Compares two strings using the same time whether they're equal or not. ,Timing attack safe string comparison, Returns TRUE when the two strings are equal, FALSE otherwise.

bool(true)
bool(false)

Other "timing-undefined" queries related to "Timing attack with PHP"