question about time attack

Alexandros Kosiaris alex at noc.ntua.gr
Fri Oct 14 10:23:16 EEST 2005


d.a.glynos wrote:
> Easy! Note the comments below. I'll reverse the order of your examples
> so that the difference shows more easily. First I look at the version
> that is vulnerable:
> 
> 
>>int password_check( char *inp, char *pwd) {
>>if (strlen(inp) != strlen(pwd)) return 0;
> 
> 
> with this condition the evil-do-er [1] can learn the number of
> letters in your password, since in one and only one case (i.e. if he
> enters any password with the same string length) the function
> will return immediately.
> 
> 
>>for( i=0; i < strlen(pwd); ++i)
>>if ( inp[i] != pwd[i] )
>>return 0;
>>return 1;
>>}
> 
> 
> Let's indent it a bit so it's clear what you are writing:
> 
> 	for (i=0; i<strlen(pwd); i++)
> 		if ( inp[i] != pwd[i] )
> 			return 0;
> 	return 1;
> 
> Here things are even worse. If it finds even one different
> letter, it returns immediately. Consider the scenario where the evil-do-er,
> now knowing the number of letters in the password, tries
> to find the letters one by one (serially, from left to right),
> i.e. from 'xxxxxxxx' to 'xxxxxxxx'
>            ^                    ^
> 
> The algorithm will get slower and slower each time he finds the
> 'desired' letter of the password.
> 
> Let's also examine the correct case:
> 
> #include <string.h>
> 
> int password_check( char *inp, char *pwd)
> {
> 	int ok, oklen = 1;
> 	size_t i;
> 
> 	/* we check whether they have the same size; if they don't,
> 	   that will count as an error at the end of the program */
> 	if (strlen(inp) != strlen(pwd)) oklen=0;
> 
> 	/* the for loop will run examining ALL the letters
> 	   in ALL cases (even when it finds one that differs).
> 	   If they turned out to be different, that will contribute
> 	   to the 'error' at the end of the program */
> 	for( ok=1, i=0; i < strlen(pwd); ++i)
> 		/* on a length mismatch compare against inp[0], so that
> 		   inp is never read past its terminator */
> 		if ( inp[oklen ? i : 0] != pwd[i] )
> 			ok = ok & 0;
> 		else
> 			ok = ok & 1;
> 
> 	/* We get this far in all cases (same/different size,
> 	same/different letters) with the same number of steps
> 	(CPU instructions, if you like). So, together with the last step,
> 	we don't let the evil-do-er form an opinion about the
> 	password based on the time it took to execute the
> 	instructions above */
> 
> 	return ok & oklen;
> }
> 
> I hope the comments are understandable.
> 
> dimitris
> 
> 
> 
> ------------------------------------------------------------------------
> 
> 
Nice one... the second part had escaped me...

-- 
Alexandros Kosiaris 	Network Management Center , NTUA
e-mail : alex at noc.ntua.gr
Public Key Fingerprint :
D6B1 0634 BE65 719C 6C95  7492 8201 4B46 C478 F074
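
The difference between the two versions discussed in this thread, as an added example that is not part of the original messages: both comparisons are instrumented to count how many characters they examine. The password and guesses are constructed sample data, the names `leaky_check` and `fixed_check` are hypothetical, and the fixed-work variant uses XOR/OR accumulation in place of the thread's if/else.

```c
#include <stdio.h>
#include <string.h>

/* Early-exit comparison from the thread, instrumented: *steps receives the
   number of characters examined before the function returns. */
static int leaky_check(const char *inp, const char *pwd, size_t *steps)
{
    size_t i, n = strlen(pwd);
    *steps = 0;
    if (strlen(inp) != n) return 0;
    for (i = 0; i < n; ++i) {
        ++*steps;
        if (inp[i] != pwd[i]) return 0;
    }
    return 1;
}

/* Fixed-work comparison: always examines strlen(pwd) positions, folds every
   difference into one accumulator, and returns only after the loop. */
static int fixed_check(const char *inp, const char *pwd, size_t *steps)
{
    size_t i, m = strlen(inp), n = strlen(pwd);
    unsigned char diff = (unsigned char)(m != n); /* recorded, not returned early */
    *steps = 0;
    for (i = 0; i < n; ++i) {
        /* i % (m + 1) stays inside inp's m + 1 bytes (NUL included), so a
           short input is never read past its terminator */
        diff |= (unsigned char)(inp[i % (m + 1)] ^ pwd[i]);
        ++*steps;
    }
    return diff == 0;
}

int main(void)
{
    /* constructed sample data: a made-up password and three guesses */
    const char *pwd = "hunter22";
    const char *guess[] = { "axxxxxxx", "hxxxxxxx", "huntxxxx" };
    size_t k, a, b;
    for (k = 0; k < 3; ++k) {
        leaky_check(guess[k], pwd, &a);
        fixed_check(guess[k], pwd, &b);
        printf("%s  early-exit: %zu  fixed-work: %zu\n", guess[k], a, b);
    }
    return 0;
}
```

The step counter stands in for execution time; in a real build, confirm the compiler has not reintroduced a data-dependent branch, and note that `strlen` still takes time proportional to each string's length.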


More information about the Linux-greek-users mailing list