Slide 1

Slide 1 text

All in the Timing
Asheesh Laroia & Philip James
PyCon 2018

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

• Explain timing attacks
• Timing attacks in Python software
• Side channel attacks in general

Slide 4

Slide 4 text

https://example.com Username Password Submit

Slide 5

Slide 5 text

2,821,109,907,456 combinations = ~89 years
p a s s w o r d
_ _ _ _ _ _ _ _
36 36 36 36 36 36 36 36

Slide 6

Slide 6 text

https://example.com Username Password Submit

Slide 7

Slide 7 text

m a s s w o r d
p a s s 1 2 3 4
p a s s w o r d
p a s s w o r d

Slide 8

Slide 8 text

m a s s w o r d
p a s s 1 2 3 4
p a s s w o r d
p a s s w o r d

Slide 9

Slide 9 text

m a s s w o r d
p a s s 1 2 3 4
p a s s w o r d
p a s s w o r d

Slide 10

Slide 10 text

144 tries
18 + 18 + 18 + 18 + 18 + 18 + 18 + 18 = 144ms

Slide 11

Slide 11 text


Slide 12

Slide 12 text

In [1]: password = 'password'
In [2]: %timeit 'massword'.encode('utf-8') == password.encode('utf-8')
306 ns ± 3.65 ns per loop (…)
In [3]: %timeit 'pass1234'.encode('utf-8') == password.encode('utf-8')
314 ns ± 4.5 ns per loop (…)
In [4]: %timeit 'password'.encode('utf-8') == password.encode('utf-8')
325 ns ± 12.8 ns per loop (…)
Data-dependent time

Slide 13

Slide 13 text

In [1]: from django.utils.crypto import constant_time_compare
In [2]: %timeit constant_time_compare('massword', 'password')
93.5 ms ± 426 µs per loop (...)
In [3]: %timeit constant_time_compare('pass1234', 'password')
92.5 ms ± 550 µs per loop (...)
In [4]: %timeit constant_time_compare('password', 'password')
93.3 ms ± 479 µs per loop (…)
Constant time

Slide 14

Slide 14 text

VERIFICATION GENERATION

Slide 15

Slide 15 text

HMAC / KeyCzar

Slide 16

Slide 16 text

def check(msg, maybe_sig):
    sig = hmac.Sign(msg)
    return sig == maybe_sig

Slide 17

Slide 17 text

def check(msg, maybe_sig):
    sig = hmac.Sign(msg)
    return sig == maybe_sig

Slide 18

Slide 18 text

if len(sig_bytes) != len(mac_bytes):
    return False
result = 0
for x, y in zip(mac_bytes, sig_bytes):
    # Python 2: str iterates as one-character strings, hence ord()
    result |= ord(x) ^ ord(y)
return result == 0
https://github.com/google/keyczar/blob/master/python/src/keyczar/keys.py#L582
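The two versions of check() side by side, as an added Python 3 example that is not from the talk or from KeyCzar: the '==' comparison from slides 16 and 17, the KeyCzar loop from slide 18 ported to bytes, and the standard library's hmac.compare_digest. The key, the message and the sign() helper standing in for hmac.Sign are assumptions; the early-exit counter only models why '==' takes data-dependent time.

```python
import hashlib
import hmac

# Constructed key and message for the example; not from the talk.
KEY = b"example-signing-key"
MSG = b"user=alice&role=admin"

def sign(msg: bytes, key: bytes = KEY) -> bytes:
    """HMAC-SHA256 tag, standing in for the slides' hmac.Sign(msg)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def check_naive(msg: bytes, maybe_sig: bytes) -> bool:
    """The check() from slides 16-17: '==' stops at the first differing
    byte, so its running time depends on how many leading bytes match."""
    return sign(msg) == maybe_sig

def early_exit_bytes_examined(a: bytes, b: bytes) -> int:
    """Model of the short-circuit behind '==': how many byte positions
    are inspected before a mismatch ends the loop. This is the
    data-dependent work slides 7-12 visualise."""
    n = 0
    for x, y in zip(a, b):
        n += 1
        if x != y:
            break
    return n

def constant_time_equal(mac_bytes: bytes, sig_bytes: bytes) -> bool:
    """The KeyCzar loop from slide 18 for Python 3 bytes, which iterate
    as ints (no ord()). Every byte is OR-ed into result; only the
    length check can return early, and the tag length is not secret."""
    if len(sig_bytes) != len(mac_bytes):
        return False
    result = 0
    for x, y in zip(mac_bytes, sig_bytes):
        result |= x ^ y
    return result == 0

def check_constant_time(msg: bytes, maybe_sig: bytes) -> bool:
    """Hardened check(): same answer as check_naive, but the work done
    does not depend on where the candidate first differs."""
    return constant_time_equal(sign(msg), maybe_sig)

def check_stdlib(msg: bytes, maybe_sig: bytes) -> bool:
    """What current Python code should use instead of '=='."""
    return hmac.compare_digest(sign(msg), maybe_sig)
```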

Slide 19

Slide 19 text

Timing Attacks
Side-Channel Attacks

Slide 20

Slide 20 text

GZip
https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/

Slide 21

Slide 21 text

Cross site request forgery protection

Slide 22

Slide 22 text

Cross site request forgery protection
http://example.com Username Password Submit

Slide 23

Slide 23 text

Cross site request forgery protection
http://example.com Username Password Submit

Slide 24

Slide 24 text

Cross site request forgery protection
https://example.com Username Password Submit

Slide 25

Slide 25 text

Cross site request forgery protection
https://example.com Username Password Submit
10Kb

Slide 26

Slide 26 text

Cross site request forgery protection
https://example.com Username Password Submit
3Kb GZipped!

Slide 27

Slide 27 text

Cross site request forgery protection
https://example.com
10Kb

Slide 28

Slide 28 text

Cross site request forgery protection
https://example.com
3Kb GZipped!

Slide 29

Slide 29 text

Cross site request forgery protection
https://example.com
3Kb GZipped!
“_________”

Slide 30

Slide 30 text

Cross site request forgery protection
https://example.com?q=cleveland
3Kb GZipped!
“_________”
You searched for: cleveland

Slide 31

Slide 31 text


Slide 32

Slide 32 text

Interlude: PYTHONHASHSEED

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

/search?q=bananas&page=3&country=us&coupon=yay

request.GET = {
    'q': 'bananas',
    'page': 3,
    'country': 'us',
    'coupon': 'yay',
}

Slide 35

Slide 35 text

Lists vs. Dicts

Slide 36

Slide 36 text

2s -> 6506s

Slide 37

Slide 37 text

hash(data) hash(rand, data)

Slide 38

Slide 38 text

PEP 456 (2012) Secure and interchangeable hash algorithm (SipHash)

Slide 39

Slide 39 text

No content

Slide 40

Slide 40 text

0 1 2 … 2^64

Slide 41

Slide 41 text

0 1 2 … 2^64

Slide 42

Slide 42 text

0 1 2 … 2^64 print(memory[2])

Slide 43

Slide 43 text

0 1 2 … 2^64 print(memory[2]) print(memory[2])

Slide 44

Slide 44 text

0 1 2 10 … 2^64 print(memory[1])

Slide 45

Slide 45 text

data = memory[1]
if data % 2 == 0:
    message = memory[10]
else:
    message = memory[11]
print(message)
¯\_(ツ)_/¯
0 1 2 … 2^64

Slide 46

Slide 46 text

• Explain timing attacks
• Timing attacks in Python software
• Side channel attacks in general
Thanks!
Asheesh Laroia @asheeshlaroia
Philip James @phildini

Slide 47

Slide 47 text

No content