

A lesson in timing attacks - llambda
http://codahale.com/a-lesson-in-timing-attacks/?

======
yread
> We have shown that, even though the Internet induces significant timing
> jitter, we can reliably distinguish remote timing differences as low as
> 20µs.

Server CPU = 2GHz, 2 instructions per cycle, time for instruction=1/4 ns. Does
comparing a byte in a Java array really require 80,000 instructions? How does
this work?

~~~
tptacek
It's tens of nanoseconds per byte in JDK6; multiple orders of magnitude slower
than C memcmp, because Java implements the compare in Java, not just as a
wrapper around C.

It's exploitable "on LAN, but not over the Internet", which is deceptive
because "on LAN" also means "anywhere from within the same hosting center";
attackers can get on the "same LAN" as most servers for tens of dollars.

------
tptacek
Since Coda wrote this, Nate Lawson also did a whole Black Hat talk about
exploiting timing attacks:

<http://www.youtube.com/watch?v=ehxjAq59xEw>

------
etaty
Already posted : <http://news.ycombinator.com/item?id=760917>

HN should remove all after the '?' then do a diff between the 2 contents, and
keep the short url if the contents are the same.

~~~
nbpoole
It was posted almost two years ago. While duplicate posts can be an issue,
having well-written, useful content show up twice in two years doesn't seem
excessive to me.

There was some helpful Q&A in that old discussion though, so it's good that
you linked to it.

------
levigross
If you look at the Golang source code (copied here:
<https://gist.github.com/954801> ) you will see that they have something
similar. But they use two's complement as well to compare the true or false.

~~~
eneveu
Well-chosen package name:

    
    
      // Package subtle implements functions that are often useful in cryptographic
      // code but require careful thought to use correctly.
      package subtle

------
RegEx
Could someone explain what "result |= x ^ y" does? Better yet, can someone
point me to a search engine that lets me search for symbols?

<http://www.google.com/search?q=python+|%3D>

~~~
matthavener
| is bitwise OR ^ is bitwise XOR

so, "result |= x ^ y" will change result to true if x and y are different.
since its bitwise, the bits that are different between x and y will be set in
result

~~~
reemrevnivek
More precisely, "result |= x ^ y" will change result to be nonzero, not
"true".

For example, if x = 0b0101 and y = 0b0011, x ^ y = 0b0110. If result was
previously 0b0011 from a previous test, then after "result |= 0b0110" result
will be 0b0111.

Of course, in many programming languages (including Java and Python), a value
of zero is interpreted as false and anything else is true.

------
MostAwesomeDude
I have a system which includes date information in HMACs and reduces the
window for chopchopping a single HMAC down to a single day. Should I still
make sure these things can't happen in my code? How reliable are these
attacks? It's hard to find public PoC code for these things.

