Vulnerability Development mailing list archives
Re: Is there a hidden channel in X authentication?
From: Martin Rex <martin.rex () sap-ag de>
Date: Wed, 23 May 2001 19:16:47 +0200 (METDST)
Pavel Kankovsky wrote:
> On Thu, 17 May 2001, Klaus Frank wrote:
>> Is it possible to average the measured durations of a huge amount of connection attempts until the differences from memcmp() add to a peak that exceeds the added random part of the additional delay?
> In theory: yes. In practice: it may be possible but it is probably not as feasible as it might look at first glance. (*) Even if the probes are sent by a local user, they still have to pass through too much other software. The signal--the differences in memcmp() timings--is measured in a few CPU clock ticks but the noise is much higher--tens, hundreds, maybe even thousands of clock ticks (or more if no ultra-high precision clock is available). I myself have done some experiments (using Pentium built-in tick counter) and the measurements appear to be too perturbed to provide any clue about the number of correct bytes. (**) Perhaps some smart noise-filtering techniques might make the results look better?
Why noise-filtering? Since there seem to be no invalid low numbers, just take the minimum of a certain amount of tries (1000, 10000) and check whether those give you a clue -- i.e. try to find the ones with the lowest noise and compare them.
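Added example, not part of the original message or of any X server code: a small simulation of the point discussed in this thread, showing that a purely additive random delay leaves the early-exit difference visible in the minimum of many measurements, while a comparison that always examines every byte leaves nothing to recover. The cookie bytes, the 0..999-tick noise model (a simple LCG) and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LEN 16
/* Constructed sample values, not taken from the thread. */
static const uint8_t SECRET[LEN]  = {0xA1,0xB2,0xC3,0xD4,0xE5,0xF6,0x07,0x18,
                                     0x29,0x3A,0x4B,0x5C,0x6D,0x7E,0x8F,0x90};
static const uint8_t GUESS_0[LEN] = {0};                /* no leading byte correct */
static const uint8_t GUESS_3[LEN] = {0xA1,0xB2,0xC3};   /* three leading bytes correct */

/* memcmp()-style early exit: bytes examined depends on the matching prefix. */
static uint32_t early_exit_steps(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return (uint32_t)(i + 1);
    return (uint32_t)n;
}

/* Constant-time variant: always examines all n bytes, sets *equal at the end. */
static uint32_t ct_steps(const uint8_t *a, const uint8_t *b, size_t n, int *equal) {
    uint8_t diff = 0;
    uint32_t steps = 0;
    for (size_t i = 0; i < n; i++, steps++) diff |= (uint8_t)(a[i] ^ b[i]);
    *equal = (diff == 0);
    return steps;
}

/* Minimum of `tries` simulated measurements: steps plus a non-negative random
   delay of 0..999 ticks. The same seed replays the same noise sequence, so two
   calls with one seed are a like-for-like comparison. */
static uint32_t min_observed(uint32_t steps, int tries, uint32_t seed) {
    uint32_t best = UINT32_MAX;
    for (int t = 0; t < tries; t++) {
        seed = seed * 1664525u + 1013904223u;
        uint32_t m = steps + (seed >> 16) % 1000u;
        if (m < best) best = m;
    }
    return best;
}

int main(void) {
    int eq;
    printf("early exit:    %u vs %u\n",
           min_observed(early_exit_steps(SECRET, GUESS_0, LEN), 10000, 1),
           min_observed(early_exit_steps(SECRET, GUESS_3, LEN), 10000, 1));
    printf("constant time: %u vs %u\n",
           min_observed(ct_steps(SECRET, GUESS_0, LEN, &eq), 10000, 1),
           min_observed(ct_steps(SECRET, GUESS_3, LEN, &eq), 10000, 1));
    return 0;
}
```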