News for wibblers. Stuff that really doesn't matter. |
|
News for wibblers. Stuff that really doesn't matter. |
|
Save the teapot fund
New CSS web design for Wibble proudly provided by Kelv. Please contact the webmaster with any questions or concerns. |
Wibble > List archives > bugtraq > 2003
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Algorimic Complexity Attacks
<x-flowed> Hello Nicolas Nicholas Weaver wrote: > On Sun, Jun 08, 2003 at 06:17:38PM +0200, Pavel Kankovsky composed: > >>We need a function having a (relatively) small set of results in order to >>build a hash table. We can also assume the information about collisions >>leaks out via a timing channel. Ergo, a persistent attacker can find >>enough collisions by trial and error. > > IF the hash is good, FINDING collisions doesn't necessarily help the > attacker, as the attacker really needs to generate lots of collisions > to make the searches O(n) instead of O(1), since that is teh key > behind this attack. You could do some improvement if you store the collisions not in a list, but in a new hash table. In that 2nd hash table you add a salt. So the attacker must find many sets of data that result not only in a collistion, but additional result in collisions in the 2nd hash table. If the salt is some on the spot generated random data, that should be nearly impossible... Generating the 2nd hash table only if there at least n collissions should keep the load on the system low... Bye Goetz -- Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de Sonninstr. 24-28, 20097 Hamburg, Germany Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126 </x-flowed> Attachment Converted: d:\apps\mail\qualcomm\eudora\attach\smime4.p7s
|
