
The array comparison? It's literally the textbook example of a timing side channel.

Though I won't speculate if it's a real problem here, since I have no idea what data is being compared.
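The array-comparison side channel the comment refers to, as an added example that is not code from this thread or from KeePass: a naive early-exit compare beside a constant-time one, each instrumented with a count of bytes examined that stands in for elapsed time. The secret value and the prefix lengths are constructed for the demonstration.

```python
import hmac


def compare_early_exit(a: bytes, b: bytes) -> tuple[bool, int]:
    """Textbook vulnerable array compare: returns at the first mismatch.

    The second element is how many bytes were examined; on real hardware
    that work shows up as elapsed time, which is the side channel."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def compare_constant_time(a: bytes, b: bytes) -> tuple[bool, int]:
    """Examines every byte regardless of where the first mismatch is.

    Only the lengths are still revealed, so callers compare fixed-size
    values such as hashes or MACs rather than raw variable-length secrets."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y          # accumulate, never branch on a byte
    return diff == 0, examined


def stdlib_compare(a: bytes, b: bytes) -> bool:
    """What production code should use: the standard library's constant-time compare."""
    return hmac.compare_digest(a, b)


SECRET = b"correct horse battery staple"   # constructed sample secret (28 bytes)


def leak_profile(compare, secret: bytes = SECRET) -> dict[int, int]:
    """Work done by `compare` for guesses sharing 0, 4, 8 and 27 leading bytes
    with the secret. A profile that grows with the matching prefix is a leak."""
    profile = {}
    for k in (0, 4, 8, len(secret) - 1):
        guess = secret[:k] + bytes(len(secret) - k)   # correct prefix, then zero bytes
        _, work = compare(secret, guess)
        profile[k] = work
    return profile
```

`leak_profile(compare_early_exit)` grows with the matching prefix while `leak_profile(compare_constant_time)` is flat, which is the difference the timing attack exploits.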

I must admit, I can't immediately see the problem with leaking timing data.

The client (that decrypts the password database) runs on your local computer, and typically places clear-text passwords into the clipboard during normal use. So if your local computer is compromised you have way bigger problems than timing attacks.


Me neither, I just tried to explain what the other poster /probably/ meant.


It does have a mode that allows you to avoid clipboard sniffers if the program you are targeting supports it.

However most attack vectors on the local machine can usually get a hold of both keyboard and clipboard data making it impossible to prevent sniffing, but that does assume a sophisticated sniffer.


The vast majority of modern malware no longer monitors either the clipboard OR keyboard. It hooks right into the browser or sometimes network stack.

So when you submit a form the malware records what was in the form and just as important where that form was submitted to (i.e. what URL).

Without context (the where) the information (the what) is near worthless. Aside from toy malware nobody actually logs keys anymore, the term "keylogger" is just a word, it isn't literal.

Source: I have looked at the leaked source of commercial (in the black market) malware. A core part of this malware is automation for resale, nobody is going to read through hundreds of pages of someone's clipboard and keystrokes to figure out what page they're on, and it is by far a more difficult route than just breaking into the browser, hooking Win32 functions, or hooking into the network stack before encryption occurs.


Do you care about that kind of side channel for an offline vault?

If your adversaries are on your box while you operate your vault, then you have already lost because they will also have keyloggers, strace, etc.


What if they hack your dropbox account and get a copy of the vault that way? They're not on your box, but now they can try to break into your vault.


Well, the decryption code is open source. And they have the ciphertext. So what does a timing attack give the attacker?

If KeePass removes the possible timing attack, the attacker could just add it back in and use their own client, if they have a copy of your database.


Then a timing side channel is not relevant, because they won't be watching you operate the vault. Right?


Why be OK with bad crypto?


Even if it's the password, it's not a server/client scenario, or interactive authentication, so why would we care about a timing attack?
