Vulnerability Development mailing list archives

RE: Is there a hidden channel in Xauthentication?

From: Klaus Frank <klausf () Pool Informatik RWTH-Aachen DE>
Date: Tue, 22 May 2001 15:02:58 +0200 (MET DST)

Michael Wojcik wrote:

In any case, it's easy enough to mask the time by using a hand-coded
comparison loop that always compares all the bytes and sets a flag if any of
them differ.


The flag would be set n times, where n is the number of matching bytes in the
two cookies... I'm afraid there is still a timing difference. An attempt to
mask the time differences can be found in gnuserv version 3.12, permitted().

Klaus Frank

Current thread:

Is there a hidden channel in X authentication? Klaus Frank (May 17)
- Re: Is there a hidden channel in X authentication? Matt Conover (May 21)
- Re: Is there a hidden channel in X authentication? Pavel Kankovsky (May 21)
  - Re: Is there a hidden channel in X authentication? Klaus Frank (May 22)
  - Re: Is there a hidden channel in X authentication? David Wagner (May 22)
  - Re: Is there a hidden channel in X authentication? Martin Rex (May 23)
  - Re: Is there a hidden channel in X authentication? wwieser (May 27)
    - Re: Is there a hidden channel in X authentication? Pavel Kankovsky (May 28)
- <Possible follow-ups>
- RE: Is there a hidden channel in X authentication? Michael Wojcik (May 21)
  - RE: Is there a hidden channel in Xauthentication? Klaus Frank (May 22)
  - Re: Is there a hidden channel in X authentication? David Wagner (May 22)