[security] Widespread Timing Vulnerabilities in OpenID implementations
James A. Donald
jamesd at echeque.com
Thu Jul 15 03:13:40 UTC 2010
On 2010-07-14 4:12 PM, Eric Norman wrote:
> If I understand the alleged attack correctly, it depends on the timing difference if a standard
> byte sequence comparison is "optimized" by exiting as soon as two bytes differ.
>
> Has code been written that actually demonstrates that this can be effective? That is, has code
> been written to demonstrate that the time to execute, for instance, about two instructions
> between failure of the byte comparison at the first byte and failure at the second byte can
> actually be detected over a network?
While timing leaks need to be fixed as a matter of policy, perhaps by
starting the compare at a random point within the token, this is not a
real leak, since the timing difference is nanoseconds, and routing
jitter is milliseconds
More information about the security
mailing list