About security details timing attack

order

since：2021 year 5 month 22 Japan 21:12

auth： Hadi

Reference resources ：

https://zhuanlan.zhihu.com/p/150689564

https://www.oracle.com/java/technologies/javase/6u17.html

Preface

I saw some posts about security theory in Zhihu , Here I also pull a piece of water blog . The reference code is Sacla in safeEqual String comparison is relevant .

stay String The source code of security comparison in is as follows ：

def safeEqual(a: String, b: String) = {
  if (a.length != b.length) {
    false
  } else {
    var equal = 0
    for (i <- Array.range(0, a.length)) {
      equal |= a(i) ^ b(i)
    }
    equal == 0
  }
}

I'm still confused when I see this code , The first part ： Return when the length is inconsistent false; The second part uses bit operation to compare the value of each bit , Then take the union value and return , As long as there is one inconsistency, it is false. There seems to be nothing wrong with the code , But this is a common method , We all know the points that can be optimized , Directly compare each bit. If there is a problem with the bit length, return directly false That's it , So why safeEqual How about this ？

The price of safety

Obviously , This method emphasizes that this method is safe , This method deliberately reduces the efficiency , stay java There are also security classes in java.security.MessageDigest There is isEqual Have the same way of writing . So why write like this ？

Timing Attack

timing attack （ Why do you think of interstellar ）.

Through power consumption 、 sequential 、 Electromagnetic leakage and other ways to achieve the purpose of cracking . In many physically isolated environments , It's often amazing ; The effectiveness of this attack is much higher than the traditional mathematical method of cryptanalysis . For example, when we call isEqual When , It is likely to compare whether the passwords are consistent .safeEqual("abcdefg","Abcdefg") and safeEqual("abcdefg","abcdefG") The first one is different from the last one , Their running time is completely different , This prevents the input from changing a lot , And calculate the statistical time to brutally crack the compared string .

When we write normally , Will return directly for efficiency , But ignore that others can use this to crack the security we set .

stay Java SE 6 Update Officially joined MessageDigest.isEqual https://www.oracle.com/java/technologies/javase/6u17.html

Postscript

brief , But tell us that the devil is a foot tall and the road is a foot tall , In terms of security and cracking , It's all about change , They attacked each other , Continuously improve , Strive to improve the effectiveness of the code .