一个随机睡眠可以防止定时攻击？ [英] Could a random sleep prevent timing attacks?

问题描述

维基百科

攻击者试图通过分析执行加密算法所花费的时间
来破坏密码系统。

In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms.

实际上，为了防止计时攻击，我使用从此回答：

Actually, to prevent timing attacks, I'm using the following function taken from this answer:

function timingSafeCompare($safe, $user) {
    // Prevent issues if string length is 0
    $safe .= chr(0);
    $user .= chr(0);

    $safeLen = strlen($safe);
    $userLen = strlen($user);

    // Set the result to the difference between the lengths
    $result = $safeLen - $userLen;

    // Note that we ALWAYS iterate over the user-supplied length
    // This is to prevent leaking length information
    for ($i = 0; $i < $userLen; $i++) {
        // Using % here is a trick to prevent notices
        // It's safe, since if the lengths are different
        // $result is already non-0
        $result |= (ord($safe[$i % $safeLen]) ^ ord($user[$i]));
    }

    // They are only identical strings if $result is exactly 0...
    return $result === 0;
}

但我想是否可以防止这种攻击使用随机睡眠例如

But I was thinking if is possible prevent this kind of attack using a random sleep like

function timingSafeCompare($a,$b) {
    sleep(rand(0,100));
    if ($a === $b) {
        return true;
    } else {
        return false;
    }
}

或者增加睡眠的随机性

sleep(rand(1,10)+rand(1,10)+rand(1,10)+rand(1,10));

这种方法可以完全防止计时攻击？

This kind of approach can totally prevent timing attacks? Or just make the work harder?

推荐答案

这种方法可以完全防止计时攻击？还是只是让工作更难？

This kind of approach can totally prevent timing attacks? Or just make the work harder?

要了解原因，请查看

To understand why, look at the docs for sleep. Specifically, the meaning of the first parameter:

暂停时间（以秒为单位）。

Halt time in seconds.

因此，您的应用程序需要0.3秒才能无睡眠响应。有了睡眠，它需要0.3，1.3，2.3等...

So your app takes 0.3 seconds to respond without sleep. With sleep it takes either 0.3, 1.3, 2.3, etc...

真的，为了得到我们关心的部分（时间差），我们只需要切除整数部分：

So really, to get the part we care about (the timing difference), we just need to chop off the integer part:

$real_time = $time - floor($time);

但是让我们更进一步。假设您使用 usleep 随机睡眠。这是一个更多的粒度。

But let's go a step further. Let's say that you randomly sleep using usleep. That's a lot more granular. That's sleeping in microseconds.

好吧，测量是在15-50 nano 第二刻度中进行的。因此，睡眠比所做的测量还要少100倍少。所以我们可以平均到单微秒：

Well, the measurements are being made in the 15-50 nanosecond scale. So that sleep is still about 100 times less granular than the measurements being made. So we can average off to the single microsecond:

$microseconds = $time * 1000000;
$real_microseconds = $microseconds - floor($microseconds);

还有有意义的数据。

您可以进一步使用 time_nanosleep ，它可以睡眠到纳秒级的精度。

You could go further and use time_nanosleep which can sleep to nanosecond scale precision.

然后你可以开始搅拌数字。

Then you could start fuddling with the numbers.

但是数据还在。随机性的美丽在于你可以平均化它：

But the data is still there. The beauty of randomness is that you can just average it out:

$x = 15 + rand(1, 10000);

运行足够多的时间，你会得到一个漂亮的图表。你会知道有大约10000个不同的数字，所以你可以平均掉随机性和推断私人15。

Run that enough times and you'll get a nice pretty graph. You'll tell that there are about 10000 different numbers, so you can then average away the randomness and deduce the "private" 15.

因为良好的随机性是不偏不倚的

Because well-behaved randomness is unbiased, it's pretty easy to detect statistically over a large enough sample.

所以我会问的问题是：

这篇关于一个随机睡眠可以防止定时攻击？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！