Questions tagged [timing-attack]

73 questions
0
votes
0 answers

Length-constant password comparison in scrypt?

E.g.: XORing the candidate against stored then comparing against 0. Do I need to worry? (my question is much in the same style as this question: Does bcrypt compare the hashes in "length-constant" time?)
A T
0
votes
1 answer

Timing Attacks in RSA

Considering the classic scenario of Eve trying to listen in to Alice and Bob's conversation, if Eve can intercept messages between Alice and Bob but with no access to their computers, would timing attacks be possible? Am I right in saying it isn't…
0
votes
1 answer

How to specify a Snort rule connection duration?

Is it even possible to specify in a Snort rule the duration of a connection? For example, in this format: Hour, Minute, Second H, M, S = 0, 2, 1. If a connection has the duration of 2 minutes and 1 second, then alert. Or in this sense: If a…
nixor01
0
votes
0 answers

Is there a generic way to prevent HTTP timing attacks for sensitive requests?

If I have sensitive HTTP routes that could be subject to timing attacks (trying to guess an ID, user, etc.), is there a way without modifying the application code that it could be wrapped with a network tweak, proxy, or some other program so timing…
Nick T
0
votes
2 answers

What are best practices for finding an account in a SQL database during authentication? Is using `LIMIT 1` vulnerable to timing attacks?

I have an application where users can log in by providing a username or email address (both case insensitive) and a password. In the users table in the database, the relevant account information is stored in three columns lowercase_username,…
limitone
0
votes
0 answers

How to prevent a timing attack when I do/don't perform password_verify (depending if the user exists)?

Here is the code which potentially can allow a timing attack $user = getUserFromDatabase($input_username); if ($user === false) { // potential timing attack // user not exist http_response_code(401); echo json_encode(["message" =>…
JoJo
0
votes
0 answers

Is using a developer key to protect a REST API good practice?

I'd like to implement a RESTful API service over HTTP that developers can call from their server side environments. I intend to use a cryptographically secure pseudo-random number generator (CSPRNG) to generate keys and then convert the bits to a…
0
votes
0 answers

Constant-Time String-to-Byte Encoding for JavaScript

When dealing with cryptographic secrets (private keys, passwords, etc) it is desirable to not run these secrets through functions that do not run in constant time, in order to avoid the potential for side channel attacks. An example of this would be…
Danilo Bargen
0
votes
0 answers

In the time side channel, is there any way to improve the measurement time accuracy?

I want to measure the execution time of a function. The execution time of this function is only slightly different in the two cases. Is there any way I can accurately measure its time to distinguish the two cases? The possible solutions are: Use…
Gerrie
0
votes
1 answer

Are there any mechanisms in TLS 1.2 protocol against timing attacks?

Are there any mechanisms in the TLS 1.2 protocol (not implementation) against timing attacks? For example, that the handshake response time should be padded to X milliseconds? Or should I implement such mechanisms manually?
-1
votes
1 answer

Are there security implications to not installing the Leap Second patch on Red Hat systems?

What are Leap Seconds? A leap second is a second which is added to Coordinated Universal Time (UTC) in order to synchronize atomic clocks with astronomical time. The reason we have to add a second every now and then, is that Earth's rotation around…
Michael
-2
votes
1 answer

Why did I get unresponsive script when I start my system and open web browser?

The script on opening web browser says Warning: Unresponsive Script A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will…
-3
votes
1 answer

What threats involve in cache miss

What are the possible consequences of a cache miss? In other words, is it possible that a cache miss could cause a security threat? Thank you.
Michael