Hacker News new | past | comments | ask | show | jobs | submit login
A lesson in timing attacks (codahale.com)
77 points by llambda on July 19, 2011 | hide | past | favorite | 15 comments



> We have shown that, even though the Internet induces significant timing jitter, we can reliably distinguish remote timing differences as low as 20µs.

Server CPU = 2GHz, 2 instructions per cycle, time for instruction=1/4 ns. Does comparing a byte in a Java array really require 80,000 instructions? How does this work?


It's tens of nanoseconds per byte in JDK6; multiple orders of magnitude slower than C memcmp, because Java implements the compare in Java, not just as a wrapper around C.

It's exploitable "on LAN, but not over the Internet", which is deceptive because "on LAN" also means "anywhere from within the same hosting center"; attackers can get on the "same LAN" as most servers for tens of dollars.


Additionally Sidechannel timing attacks against EC2 instances have been very successful. The attackers have been able to get very close to the machines and in some instances on the actual box.


That's from constructing all of the factories involved...


Since Coda wrote this, Nate Lawson also did a whole Black Hat talk about exploiting timing attacks:

http://www.youtube.com/watch?v=ehxjAq59xEw


Already posted : http://news.ycombinator.com/item?id=760917

HN should remove all after the '?' then do a diff between the 2 contents, and keep the short url if the contents are the same.


It was posted almost two years ago. While duplicate posts can be an issue, having well-written, useful content show up twice in two years doesn't seem excessive to me.

There was some helpful Q&A in that old discussion though, so it's good that you linked to it.


If you look at the Golang source code (copied here: https://gist.github.com/954801 ) you will see that they have something similar. But they use two's complement as well to compare the true or false.


Well-chosen package name:

  // Package subtle implements functions that are often useful in cryptographic
  // code but require careful thought to use correctly.
  package subtle


Could someone explain what "result |= x ^ y" does? Better yet, can someone point me to a search engine that lets me search for symbols?

http://www.google.com/search?q=python+|%3D


| is bitwise OR ^ is bitwise XOR

so, "result |= x ^ y" will change result to true if x and y are different. since its bitwise, the bits that are different between x and y will be set in result


More precisely, "result |= x ^ y" will change result to be nonzero, not "true".

For example, if x = 0b0101 and y = 0b0011, x ^ y = 0b0110. If result was previously 0b0011 from a previous test, then after "result |= 0b0110" result will be 0b0111.

Of course, in many programming languages (including Java and Python), a value of zero is interpreted as false and anything else is true.


Try using words instead, http://www.google.com/search?q=python+pipe+equals


  result |= x ^ y
means

  result = result | (x ^ y)
means

  result = result 'bitwise-or' (x 'bitwise-xor' y)


I have a system which includes date information in HMACs and reduces the window for chopchopping a single HMAC down to a single day. Should I still make sure these things can't happen in my code? How reliable are these attacks? It's hard to find public PoC code for these things.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: