Message162867
On Fri, Jun 15, 2012 at 10:09 AM, Martin v. Löwis <report@bugs.python.org>wrote:
>
> Martin v. Löwis <martin@v.loewis.de> added the comment:
>
> > Note that this does not relief you from using a time-independent
> comparison
> > function. If you call some hash function (which time is known to the
> > attacker), then you compare it against a stored hashed version. If you
> use
> > a normal compare you're leaking the hash. This is indeed not as bad as
> > leaking the password, but it has been demonstrated that one-direction
> > functions are still vulnerable to some sort of attacks, so it's not ideal
> > either.
>
> But you don't leak the hash - you leak the first byte of the hash if you
> make 256 tries, and the first two bytes if you make 65536 tries. To leak
> the first four bytes of the hash, you need to make 2**32 tries.
> So this is equivalent to a brute-force attack, which works just as well
> against a time-independent function. So using a time-independent
> function does not add any security.
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue15061>
> _______________________________________
>
Martin, you fail to understand how this works. You don't do 2**32 tries to
leak the 4 charaters, you need 4 * 256, that's why this attack is so bad,
because the time needed for the next character is brute force, but then you
can move on to the next one. |
|
Date |
User |
Action |
Args |
2012-06-15 08:12:39 | fijall | set | recipients:
+ fijall, loewis, arigo, ncoghlan, pitrou, christian.heimes, hynek |
2012-06-15 08:12:39 | fijall | link | issue15061 messages |
2012-06-15 08:12:39 | fijall | create | |
|