what is the point of `django.utils.crypto.constant_time_compare`? I
understand it takes O(n) time no matter what input it is feeded with,
but of what avail is it?
Can the time spent in *one single string comparison* really make such a
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to django-d...@googlegroups.com.
To unsubscribe from this group, send email to django-develop...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
You wanna hand over your paycheck now, or later? :-)I know someone with a functional white-hat timing attack script sitting on their laptop. They've been honing the statistical analysis to get the number of data points needed down to a less noticeable size, but the technique can already be successfully applied.
To your latter point, you can run a timing attack as slowly as you like, and a lot of sites have very poor monitoring for things like 404s. A month or more of patient low-level attacking to gain access to a prime target is well worth it.
The point being that we all ought to take timing attacks seriously. They're not nearly as unrealistic as people think.
> If you can show me a viable timing attack, over the Internet, under
> reasonable real-world circumstances, and caused by something as
> negligible as a single string comparison I will give you my paycheck.
> And I will eat my laptop.
We don't just have the internet to worry about - given the places Django
is used, we must consider datacentres and LANs, and even shared hosting.
Shared hosting is probably the only one close to being exploitable at
the moment for our usage. My quick, fairly crude tests with python
timeit suggest a single character can take 2ns to check. I've struggled
to find information on time resolution for local timing attacks, but I
don't think 2ns is far off being exploitable.
(For reference, I used a command line like:
python -m timeit -s 'x="x2345678901234567890";
y="12345678901234567890"' 'x == y'
and then moved the 'x' in the first one along. I tried some other
variations too. There are some 'end effects' which I tried to remove.).
"My capacity for happiness you could fit into a matchbox without
taking out the matches first." (Marvin the paranoid android)
Luke Plant || http://lukeplant.me.uk/
Nate Lawson and Taylor Nelson had a great talk at BlackHat that covered
piles of background and theory of timing attacks and successful
http://www.youtube.com/watch?v=ehxjAq59xEw&feature=related Part 3 is
where they get into exploitation.
Another talk Nate Lawson Google TechTalk: "When Crypto Attacks"
"incorrenctly comparing hash value" at 30:00 - again I haven't looked at
if the recommended counter measures in the contact_time_compare are what
is recommended out there.
Even if it's not 100% valuable to this thread those couple resources
provide some great info for anybody wanting to understand timing attacks
and their exploitability in more depth.