Vulnerability Development mailing list archives
RE: Is there a hidden channel in Xauthentication?
From: Klaus Frank <klausf () Pool Informatik RWTH-Aachen DE>
Date: Tue, 22 May 2001 15:02:58 +0200 (MET DST)
Michael Wojcik wrote:
In any case, it's easy enough to mask the time by using a hand-coded comparison loop that always compares all the bytes and sets a flag if any of them differ.
The flag would be set n times, where n is the number of matching bytes in the two cookies... I'm afraid there is still a timing difference. An attempt to mask the time differences can be found in gnuserv version 3.12, permitted(). Klaus Frank
Current thread:
- Is there a hidden channel in X authentication? Klaus Frank (May 17)
- Re: Is there a hidden channel in X authentication? Matt Conover (May 21)
- Re: Is there a hidden channel in X authentication? Pavel Kankovsky (May 21)
- Re: Is there a hidden channel in X authentication? Klaus Frank (May 22)
- Re: Is there a hidden channel in X authentication? David Wagner (May 22)
- Re: Is there a hidden channel in X authentication? Martin Rex (May 23)
- Re: Is there a hidden channel in X authentication? wwieser (May 27)
- Re: Is there a hidden channel in X authentication? Pavel Kankovsky (May 28)
- <Possible follow-ups>
- RE: Is there a hidden channel in X authentication? Michael Wojcik (May 21)
- RE: Is there a hidden channel in Xauthentication? Klaus Frank (May 22)
- Re: Is there a hidden channel in X authentication? David Wagner (May 22)