Authorization passwords are checked like:
if auth != config['SERVER_PASSWORD']
https://github.com/C4T-BuT-S4D/S4DFarm/blob/master/server/app/auth.py#L16
An attacker could potentially recover the password faster than guessing. A guessed password that has the first byte correct takes longer to check than a password that has the first byte wrong. Once the first byte is found, one can find the next byte and so on.
https://sqreen.github.io/DevelopersSecurityBestPractices/timing-attack/python
The attacker would need a lot of requests, as there can be quite some jitter and noise in the network, so it's not a very realistic attack, but might be feasible with enough samples.
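One way to make the check described in the issue constant-time is sketched below. This is an added example, not part of the original issue or the project's code; the `config` dict, the sample password and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample configuration; the real value lives in the farm's config.
config = {"SERVER_PASSWORD": "example-password"}


def check_vulnerable(auth):
    """The comparison from the issue: != can stop at the first differing byte."""
    return not (auth != config["SERVER_PASSWORD"])


def _digest(value: str) -> bytes:
    # Hashing both sides yields equal-length byte strings, so neither the
    # length nor the content of the secret affects how long the compare runs.
    # Encoding to bytes also avoids the TypeError that hmac.compare_digest
    # raises for non-ASCII str arguments.
    return hashlib.sha256(value.encode("utf-8")).digest()


def check_constant_time(auth):
    """Hardened check: reject non-strings, then compare in constant time."""
    if not isinstance(auth, str):
        return False  # missing header or unexpected type
    return hmac.compare_digest(_digest(auth), _digest(config["SERVER_PASSWORD"]))
```
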