Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72410 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 97923 invoked from network); 8 Feb 2014 17:09:48 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 Feb 2014 17:09:48 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 209.85.160.171 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.160.171 mail-yk0-f171.google.com Received: from [209.85.160.171] ([209.85.160.171:45888] helo=mail-yk0-f171.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B6/C0-28087-9D466F25 for ; Sat, 08 Feb 2014 12:09:47 -0500 Received: by mail-yk0-f171.google.com with SMTP id q9so2583453ykb.2 for ; Sat, 08 Feb 2014 09:09:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=07dF2z9APVq/Btn37NQdAoqrEheDLURmpvE+T0u6sBM=; b=Y0tgDQhCzi4LinPGpekATVIyDvcIUqmcNnHyrprnWQb63FSodlwd7a0YM33UWujHL2 xK+biBiQwWB4OXfSgIl7J3sYhTw7MEMMakuWlBpvECHequH6CCvYB66M/xX75r7SZ8q7 BfouxDkRZM9KDdwL9OsAvnda+yIQDO4DAzKt/SG3ZCZ0HQzMSbdtiOdbVWV9+lFbVmqo ZuipYyGONhFetrxZu5MsgZ8U4nEaAI2egZ7QiZ0ZiiuW2Wf84YTdavAvW1a6x5jQuac/ LZXn4mb6N6n0ddiaeJ3Ijawu8pLa8ecvqeFPx8rf3ncNWYZIAaUyHESNSONxIH8SffQJ o3yw== X-Gm-Message-State: ALoCoQnmV226lzfBC2+nGcdJWcixCOWxcRPqI3bgbeLV61eORiygx9RlsCKqRfKdsHec9rLkf/AO X-Received: by 10.236.123.193 with SMTP id v41mr1958902yhh.68.1391879382444; Sat, 08 Feb 2014 09:09:42 -0800 (PST) Received: from [10.198.74.224] (mobile-166-147-117-229.mycingular.net. [166.147.117.229]) by mx.google.com with ESMTPSA id q9sm24071566yhk.16.2014.02.08.09.09.41 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 08 Feb 2014 09:09:41 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) X-Mailer: iPad Mail (11B554a) In-Reply-To: <52F63DDE.6090600@lsces.co.uk> Date: Sat, 8 Feb 2014 12:09:39 -0500 Cc: PHP internals Content-Transfer-Encoding: quoted-printable Message-ID: <1D9112B0-8383-4C19-90AC-6B2F249C049F@lerdorf.com> References: <52F61A78.1020401@lsces.co.uk> <52F62B08.6050201@ajf.me> <52F63DDE.6090600@lsces.co.uk> To: Lester Caine Subject: Re: [PHP-DEV] Security Diligence From: rasmus@lerdorf.com (Rasmus Lerdorf) On Feb 8, 2014, at 9:23, Lester Caine wrote: >=20 > Specifically looking at the 'timing attack', as I understand it, if a comp= arison process scans all elements and simply sets a flag when failure is det= ected which is not used until all characters have been processed. Which is t= he reason for establishing 'safely' the number of characters involved. Using= 64bit functions rather than 32bit will also change the way that process wor= ks? I think the one simple detail you are missing is that many/most string compa= risons will short-circuit as soon as it hits a character that doesn't match.= If you think about that a little bit I am sure you can think of a nice algo= rithm for narrowing in on the password character by character. That is, if '= aaaa' consistently takes longer to compare against the password compared to '= bbbb' then there is a good chance that the first character of the password i= s 'a'. Looking at the firebird implementation that seems to be the case ther= e as well. Of course, network jitter and other factors make this a complicat= ed attack, but that doesn't change the fact that there is a faint signal the= re and with enough iterations it has been proven to be possible to separate t= hat signal from the noise.=20 As a fun little experiment for yourself, try implementing an iterative timin= g attack against your local Firebird database password and see if you can fi= nd the signal in the noise. -Rasmus=