{"id":16119388,"url":"https://github.com/codingchili/sidechannel-timing-tool","last_synced_at":"2025-04-06T10:19:16.864Z","repository":{"id":87434569,"uuid":"52535412","full_name":"codingchili/sidechannel-timing-tool","owner":"codingchili","description":"Small tool for measuring system latency during string comparison.","archived":false,"fork":false,"pushed_at":"2018-04-28T20:12:52.000Z","size":332,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-12T15:51:37.983Z","etag":null,"topics":["network","proof-of-concept","security","side-channel"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codingchili.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-25T15:28:37.000Z","updated_at":"2018-11-21T09:22:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"6566b05f-d949-402a-8a4c-23f81f8f7f80","html_url":"https://github.com/codingchili/sidechannel-timing-tool","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fsidechannel-timing-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fsidechannel-timing-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fsidechannel-timing-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codingchili%2Fsidechannel-timing-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codingchili","download_url":"https://codeload.github.com/codingchili/sidechannel-timing-tool/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247464368,"owners_count":20942999,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network","proof-of-concept","security","side-channel"],"created_at":"2024-10-09T20:54:01.184Z","updated_at":"2025-04-06T10:19:16.858Z","avatar_url":"https://github.com/codingchili.png","language":"Java","readme":"# sidechannel-timing-tool\nSmall tool for measuring system latency during string comparison.\n\nThe tool supports three modes, in-vm and telnet (for use with GNS3 virtual routers).\n\nThe tool works by using a password that is known in advance. Starts by attempting to authenticate using the first letter of the password. \nThen increases the number of letters included in each authentication request over time. Each request produces some timing information\nthat can be used to determine if the system is vulnerable or not. \n\nThe following examples are taken from an in-vm comparison, this proves that the data is available in the best conditions. As network\nequipment improves over time and cloud hosted machines has gained popularity over the last years, this is a real attack vector.\n\nSample of a measurement that does not leak any information, uses 1:1 byte comparison as implemented in openSSL.\n![alt text](https://raw.githubusercontent.com/codingchili/sidechannel-timing-tool/master/safe.png \"Current snapshot version\")\n\nSample of a measurement that leaks timing information, allows optimizations and returns early on first mismatching byte.\n![alt text](https://raw.githubusercontent.com/codingchili/sidechannel-timing-tool/master/vulnerable.png \"Current snapshot version\")\nThis could be used to incrementally guess the password one character by one.\n\nThis applies to passwords, even more so if the passwords are in plaintext or not salted appropriately. This method could probably\nalso be used for tokens - where valid tokens are cached and not revalidated. This attack vector is very tempting in multi-tenant\nhosting solutions. If a vulnerable VM is running in the cloud, you could deploy your own VM to that cloud for a small\nfee. Depending on the network layout the jitter will be minimal. Jitter makes it harder to deploy this attack, attempts to \ninduce random delays are probably very deterministic and easy to analyze.\n\n\n\nFor more information read the co-authored [report](https://github.com/codingchili/sidechannel-timing-tool/raw/master/Side-Channel%20Attack%20-%20paper.pdf).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodingchili%2Fsidechannel-timing-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodingchili%2Fsidechannel-timing-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodingchili%2Fsidechannel-timing-tool/lists"}