
Thread: Timing Attacks

  #1 nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)

    Timing Attacks

    I found this article rather interesting:

    http://www.itbusiness.ca/it/client/e...s.asp?id=58406

    They crack passwords by measuring the time it takes for a computer to respond to a login request. On some login systems, the computer will check password characters one at a time, and kick back a "login failed" message as soon as it spots a bad character in the password. This means a computer returns a completely bad login attempt a tiny bit faster than a login where the first character in the password is correct. By trying to log in again and again, cycling through characters and measuring the time it takes for the computer to respond, hackers can ultimately figure out the correct passwords.
    This has been around as a concept for 25 years or so, but a couple of guys reckon that it is not so difficult as previously thought.

  #2 gore (Senior Member; joined Oct 2002; Michigan; 7,177 posts)
    Wouldn't this have been easier 25 years ago though? I mean 25 years ago, this form of attack had the following things going for it:

    #1. People who weren't trained in Computers (Which wasn't many, this would have been 1984) used passwords they could remember, and didn't think much about "Haxors".

    #2. CPUs 25 years ago were slow enough that you could WATCH this. Today, with CPUs more than 20x the speed of the average system back then, and of course, Ethernet being more than a few MBs a second, and most people using a WAY slower net connection.... Wouldn't it have been easier then? I mean back then, a 1MHz system, you could almost use a Stop Watch to do this lol. Today it would be a difference in like, Milliseconds.

    It is interesting though. I haven't used much in my days for password cracking... Being a person who thinks Social Engineering is still very viable, and someone who also uses password crackers and sniffers for those non-encrypted ones, and basically nothing else, I've used what works when I needed to.

    When I first started using Linux, I tried cracking my passwords, but it rarely got far. I've been pretty good about that. Ever since my VERY first password EVER back in September of 1999, which was "azsxdc". I know, it sucks, and it's easy, but, it wasn't a word, and I was using a Computer seriously for the very first time.

  #3 SnugglesTheBear (Senior Member; joined Jun 2010; 133 posts)

    The problem with this attack is that it is very noisy. If my assumptions are correct, in order to cope with the timing issues presented by the internet, they will have to try each letter many times and take an average of it. The attack is definitely feasible, but has a lot of issues in my opinion. The biggest concern is the network traffic and how that affects the time with responses, coupled with the fact that you are looking for differences in time that is literally nanoseconds. This kind of makes me think of the attack being impractical, but I will have to see what the researchers say. They could have somehow found a way to make network response time reliable.

  #4 gore (Senior Member; joined Oct 2002; Michigan; 7,177 posts)

    Originally Posted by SnugglesTheBear:
    The problem with this attack is that it is very noisy. If my assumptions are correct, in order to cope with the timing issues presented by the internet, they will have to try each letter many times and take an average of it. The attack is definitely feasible, but has a lot of issues in my opinion. The biggest concern is the network traffic and how that affects the time with responses coupled with the fact that you are looking for differences in time that is literally nanoseconds. This kind of makes me think of the attack being impractical but I will have to see what the researchers say. They could have somehow found a way to make network response time reliable
    Heh, I was agreeing with you in an AP assignment and I think I just boosted you quite a bit lol. Man that's awesome lol, your two dots just got more friends from one AP assignment lol. Anyway, I thought I'd post just in case someone wondered how the crap someone went from TWO APs to like 5 in one post. It's not abuse, I gave him a greenie for that post.

  #5 SnugglesTheBear (Senior Member; joined Jun 2010; 133 posts)

    Originally Posted by gore:
    Heh, I was agreeing with you in an AP assignment and I think I just boosted you quite a bit lol. Man that's awesome lol, your two dots just got more friends from one AP assignment lol. Anyway, I thought I'd post just in case someone wondered how the crap someone went from TWO APs to like 5 in one post. It's not abuse, I gave him a greenie for that post.
    heh, I was wondering that myself >.< Looks like I now have enough green to romp with the big leagues <@)

  #6 westin (Gonzo District BOFH; joined Jan 2006; SW MO; 1,187 posts)
    Yes, there are a ton of variables in this. It seems it could be mitigated pretty easily by putting a random delay in the range of 1-15ms before sending back a response upon a bad password being entered...
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  #7 nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    Hey westin!

    Yeah, my first thought on mitigation was to have the password submitted in its entirety and check it in its entirety before giving a virtually identically similar response time reply.

    My thinking was to look at the % of error... humans won't make that high a %?... a typo, transposition error or something like that?

    Then you will know if you have an attack.
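    A constructed example, added here and not from the thread or the article it links: the character-at-a-time, bail-out-early check that nihil's quote describes, beside a constant-time check of the whole password (the check-it-in-its-entirety idea above), with a counter of characters examined standing in for response time. The password `hunter2`, the helper names and the `work_profile` driver are made up for the demo.

```python
import hmac

# Constructed demo (not code from the thread or the linked article).
# A counter of characters examined stands in for response time.

def early_exit_compare(stored, guess):
    """Stops at the first wrong character: work grows with the correct prefix."""
    examined = 0
    for a, b in zip(stored, guess):
        examined += 1
        if a != b:
            return False, examined
    return len(stored) == len(guess), examined


def constant_time_compare(stored, guess):
    """Always walks the full stored secret and folds every difference into
    one accumulator, so the work (and thus timing) is independent of the guess."""
    diff = len(stored) ^ len(guess)          # a length mismatch is a failure too
    padded = guess.ljust(len(stored), "\0")[:len(stored)]
    examined = 0
    for a, b in zip(stored, padded):
        examined += 1
        diff |= ord(a) ^ ord(b)              # no early return on mismatch
    return diff == 0, examined


def library_compare(stored, guess):
    """What production code should call: the stdlib's constant-time comparison."""
    return hmac.compare_digest(stored.encode(), guess.encode())


def work_profile(compare, stored, wrong="\x01"):
    """For k = 0..len(stored), build a guess whose first k characters are right
    and the rest wrong, and record the work each one costs. A rising series
    is exactly the per-character leak the article describes; a flat one is not."""
    profile = []
    for k in range(len(stored) + 1):
        guess = stored[:k] + wrong * (len(stored) - k)
        profile.append(compare(stored, guess)[1])
    return profile


if __name__ == "__main__":
    secret = "hunter2"                        # constructed sample password
    print("early exit   :", work_profile(early_exit_compare, secret))
    print("constant time:", work_profile(constant_time_compare, secret))
```

    Real systems compare a hash of the submitted password against the stored hash with `compare_digest`, which also keeps the length from leaking; the per-character walk here is only to make the leak visible.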


  #8 SnugglesTheBear (Senior Member; joined Jun 2010; 133 posts)
    even a simple tar pit would make this attack not viable. >.<

  #9 Senior Member (joined Apr 2005; USA; 422 posts)

    Originally Posted by gore:
    #2. CPUs 25 years ago were slow enough that you could WATCH this. Today, with CPUs more than 20x the speed of the average system back then, and of course, Ethernet being more than a few MBs a second, and most people using a WAY slower net connection.... Wouldn't it have been easier then? I mean back then, a 1MHz system, you could almost use a Stop Watch to do this lol. Today it would be a difference in like, Milliseconds.
    This doesn't really change anything. Assuming that the response time of the connection is reliable (local attack, attack using server side timer, e.g. Google: "About 4,580,000 results (0.54 seconds)"), a program can be written using a smaller measurement of time than seconds, or even ms. Ticks, for example, http://msdn.microsoft.com/en-us/libr...ime.ticks.aspx are a pretty small unit of measurement when dealing with time. For example, if a program were to have a linear scale of login response times, and if the first character is correct, the response takes X ticks, then two would take 2X, three would be 3X and so on. So the idea is the same as 25 years ago, it's just scaled, where X would be a lot larger as you use an older computer. At least that's how I understand it.

  #10 nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)

    Hmmmm...

    #2. CPUs 25 years ago were slow enough that you could WATCH this. Today, with CPUs more than 20x the speed of the average system back then,
    I would try more like 2,000x... 4.7MHz compared to 2.8GHz?... anyways, I agree, I just thought you understated your case a bit?

    As for this threat, I don't take it that seriously, given that most decent systems give you 3-5 strikes before locking you out for at least 30 minutes?

    Just look at the math?... a random password of 12 characters will take forever?... my passwords are all >20 characters
