[WEB SECURITY] quick question on password reset 'best practices'
jeremiah at whitehatsec.com
Wed Jun 4 11:45:05 EDT 2008
On Jun 3, 2008, at 11:37 PM, Sebastian Schinzel wrote:
> Hi Jeremiah,
> Jeremiah Grossman wrote:
>> However, you have to get really exact with the
>> delays, hard to do, and delays with change dynamically with load
>> on the system. I think its possible to detect timing resolution
>> down to 2-digit ms. The other thing that's possible is implement
>> random timing delays in the flow. This would seem to me to be the
>> most viable, but have not tested it personally.
> The delays shouldn't be too random. Given a large amount of probes,
> the random values would be visible as noise around the actual delay
> while processing.
> true_delay = MIN(all_measured_delays_per_username)
> I suggest that delays should be constant per input value, but not
> predictable. That way, there is no noise around the actual delay
> while processing. It is a fixed but random value. Thus, an attacker
> does not gain any value by comparing the overall delays of
> different user names.
> Let's assume you want to prevent harvesting of user names:
> <pseudo_code tested="false">
> if authentication_successful == False:
> # Get the last three characters (hex) of the combined hash of
> # the username and a server-side secret
> delay_str = md5(username + secret_string)[-3:]
> # Cast the random string from hex to float.
> # The delay should be at least 100 ms.
> delay = (float(int(delay_str, 16)) / 1000) + 0.1
> # Sleep between 0 and 4 seconds (should probably be lower)
> Using this methodology: It would be interesting to know whether an
> attacker can gain any value by measuring the delay deviation per
> user name. I.e.: Does an existing user name have different delay
> deviations resulting from server-side processing compared to the
> delays of non existing user name?
This is clever and would be fun to test out. Would anyone on the list
have interest in helping develop some sample web app code, placing it
on a website, and testing it out? If the technique has merit, could
be the new best practice for defending against timing attacks on web-
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
More information about the websecurity