Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mpb10/timing-side-channel-vulnerability

These are three PowerShell scripts that demonstrate in a very basic manner what timing side-channel vulnerabilities are.
https://github.com/mpb10/timing-side-channel-vulnerability

Last synced: 2 days ago
JSON representation

These are three PowerShell scripts that demonstrate in a very basic manner what timing side-channel vulnerabilities are.

Host: GitHub
URL: https://github.com/mpb10/timing-side-channel-vulnerability
Owner: mpb10
License: gpl-3.0
Created: 2018-04-26T01:21:57.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2018-04-27T16:30:03.000Z (over 6 years ago)
Last Synced: 2024-02-12T17:59:35.595Z (9 months ago)
Language: PowerShell
Homepage:
Size: 48.8 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Timing-Side-Channel-Vulnerability

https://github.com/mpb10/Timing-Side-Channel-Vulnerability

These are three PowerShell scripts that demonstrate in a very basic manner what timing side-channel vulnerabilities are.

**Author: mpb10**

**April 25th, 2018**

**v1.0.0**

# 

In a very, very basic manner, these three scripts represent a login server that compares a user provided password hash with a stored password hash. If the two hashes match, the user is "authenticated".

# USAGE

To use the scripts, run them via the PowerShell command line and provide two string parameters that are 32 characters in length each (these represent MD5 hashes).

Example: `.\VulnerableScript.ps1 5f4dcc3b5aa765d61d8327deb882cf99 5f4dcc3b5aa763dfj63575d83eb2c3go`

# EXPLANATION

The `VulnerableScript.ps1` script is vulnerable to timing side-channel attacks because the script exits the while-loop used in the hash comparison and returns the results as soon as it realizes they do not match. An attacker can pay attention to how long it took the script to compare the hashes in order to tell how close their hash is to the actual one.

The `SecureScript-Option1.ps1` script fixes this vulnerability by always taking a set amount of time to return the results of the comparison to the user, even if the script realizes that the hashes don't match and exits the while-loop early on. The `SecureScript-Option2.ps1` script fixes this vulnerability in a different way by continuing through the while-loop even after the script realizes that the hashes don't match. The goal here is to always return the results after the same or very close amount of time.