Tag[timing-attack] Recent Newest Questions

Are there other C standard library functions like memcmp that have timing side-channel risk?

I found that memcmp() will return false earlier if the first byte is different in both strings, and I thought it has a timing attack risk. However, wh ...

How can I understand whether my C code is constant time or not?

I have a code for polynomial multiplication and it is written in C. I heard that whether a particular instruction is "constant time" can vary by archi ...

nodejs: timing attack on "=="

Recently I came past this write up of a CTF on hackerone. In this writeup part of completing the challenge was to perform a timing attack. It spiked m ...

Prevent django send_mail timimg attack

I have different REST-API views where I either send a mail (if an account exists) or do not send a mail. For example, the user can input the email in ...

Fixing a timing attack

I use this code to login a user. The password is encrypted with bcrypt and the SALT_ROUNDS is the same for every user const user = await User.findOne ...

Should I use == for string comparison?

sorry if this is a weird question. I was actually curious about timing attacks, so I have done a little research and understood the concept. I unders ...

Is checking the existence of an objects key considered timing safe?

So, I'm authing a pretty short list of users for a mostly private server, and the login data for these users in stored in an object. The object is str ...

Does this prefetch256() function offer any protection against cache timing attacks on AES?

This is a borderline topic. Since I wanted to know about programming, CPU cache memory, reading CPU cache lines etc, I'm posting it here. I was imple ...

PHP constant-time realpath()?

I'm looking for a constant-time implementation of realpath() , does one exist? I'm in a situation where a malicious actor may control the argument f ...

Force PHP to run all if conditions

I am building an application that is sensitive to timing attacks. I was thinking of instead of making an "if tree" where you nest if statement, just r ...

How could HMAC comparison ever not be constant-time in Python?

Python has a method specifically for comparing HMAC to prevent timing attacks: https://docs.python.org/3.7/library/hmac.html#hmac.compare_digest And ...

Java: Why is this Equal-String function protected against timing attacks

On Stackoverflow I found the following String-Equal-Function, which should be resistent against timing attacks. I wonder why this is save against t ...

Implementing a side channel timing attack

I'm working on a project implementing a side channel timing attack in C on HMAC. I've done so by computing the hex encoded tag and brute forcing byte- ...

Timing attack with PHP

I'm trying to produce a timing attack in PHP and am using PHP 7.1 with the following script: This is searching for a word with the following c ...

Main techniques for preventing timing attacks

I am not very familiar with security stuff, but have encountered this constant time function to prevent timing attacks: https://github.com/salesfor ...

python generating numbers in modulus

i need to iteratively generate number x, which follow these conditions (x^z) mod n * x < n n is known, z changes in every cycle i need it ...

MessageDigest.isEqual function use in Java

I have two question that I don't understand. Please help me take a look.Thanks. What is the use of MessageDigest.isEqual function in Java? ...

PHP double randomised hmac verification to prevent timing attack

A way to prevent timing attacks for hash string comparison is to perform additional HMAC signing in order to randomize the verification process (see h ...

String prediction through comparisons

Today I woke up and thought if it would be possible to predict Strings only analyzing the time between each comparison. I create a rudimentary class ...

Could a random sleep prevent timing attacks?

From Wikipedia In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing ...