I found that memcmp() will return false earlier if the first byte is different in both strings, and I thought it has a timing attack risk. However, wh ...
I found that memcmp() will return false earlier if the first byte is different in both strings, and I thought it has a timing attack risk. However, wh ...
I have a code for polynomial multiplication and it is written in C. I heard that whether a particular instruction is "constant time" can vary by archi ...
Recently I came past this write up of a CTF on hackerone. In this writeup part of completing the challenge was to perform a timing attack. It spiked m ...
I have different REST-API views where I either send a mail (if an account exists) or do not send a mail. For example, the user can input the email in ...
I use this code to login a user. The password is encrypted with bcrypt and the SALT_ROUNDS is the same for every user const user = await User.findOne ...
sorry if this is a weird question. I was actually curious about timing attacks, so I have done a little research and understood the concept. I unders ...
So, I'm authing a pretty short list of users for a mostly private server, and the login data for these users in stored in an object. The object is str ...
This is a borderline topic. Since I wanted to know about programming, CPU cache memory, reading CPU cache lines etc, I'm posting it here. I was imple ...
I'm looking for a constant-time implementation of realpath() , does one exist? I'm in a situation where a malicious actor may control the argument f ...
I am building an application that is sensitive to timing attacks. I was thinking of instead of making an "if tree" where you nest if statement, just r ...
Python has a method specifically for comparing HMAC to prevent timing attacks: https://docs.python.org/3.7/library/hmac.html#hmac.compare_digest And ...
On Stackoverflow I found the following String-Equal-Function, which should be resistent against timing attacks. I wonder why this is save against t ...
I'm working on a project implementing a side channel timing attack in C on HMAC. I've done so by computing the hex encoded tag and brute forcing byte- ...
I'm trying to produce a timing attack in PHP and am using PHP 7.1 with the following script: This is searching for a word with the following c ...
I am not very familiar with security stuff, but have encountered this constant time function to prevent timing attacks: https://github.com/salesfor ...
i need to iteratively generate number x, which follow these conditions (x^z) mod n * x < n n is known, z changes in every cycle i need it ...
I have two question that I don't understand. Please help me take a look.Thanks. What is the use of MessageDigest.isEqual function in Java? ...
A way to prevent timing attacks for hash string comparison is to perform additional HMAC signing in order to randomize the verification process (see h ...
Today I woke up and thought if it would be possible to predict Strings only analyzing the time between each comparison. I create a rudimentary class ...
From Wikipedia In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing ...