Subject Re: [Firebird-general] Security paranoia
Author Lester Caine
Dimitry Sibiryakov wrote:
> 07.02.2014 20:44, Lester Caine wrote:
>> but I don't have the knowledge to
>> disprove that this type of attack IS currently happening in real life?
>
> Ok, let's look at theory: for this attack to be possible there must be a correlation
> between system response time and the distance between attempted password and right
> password in any functional space. I can imagine an encrypting algorithm for which it is true,
> but SHA1 used in Firebird or MD5 used in Linux are different. They work not with every
> symbol of password and key separately, but with a whole fixed-size array of bytes, filling
> the rest of the buffer with zeros or salt. In this case (as I already said) there is no
> correlation between working time and buffer content (O(N) = N/sizeof(buffer) which for
> N<sizeof(buffer) == 1), so a timing attack is not possible.
> I would say that your passwords are out of danger.
>
> But this kind of attack is popular in Hollywood because it looks good on TV, so I
> don't wonder that there are people who believe in its effectiveness. They just watched
> "Hackers" too much.

Thanks for that Dimitry ... Supports what I had already worked out myself so
I'll go back and ask who has proof that the concept can be used. All the notes
posted so far relate to theoretical conjecture rather than fact :)

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
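
The correlation argument in the quoted reply, as an added example that is not part of the thread and is not Firebird's code: it counts the bytes an early-exit comparison examines (a stand-in for response time) when wrong guesses share a growing prefix with the password, first on the plaintext and then on SHA-1 digests, and ends with a constant-time check. The password, the helper names and the step-counting model are assumptions made for the illustration.

```python
import hashlib
import hmac

SECRET = "correct-horse"  # constructed sample password, not from the thread


def early_exit_steps(a: bytes, b: bytes) -> int:
    """Bytes examined by a naive compare that stops at the first mismatch."""
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


def sha1(password: str) -> bytes:
    return hashlib.sha1(password.encode()).digest()


def guesses_with_growing_prefix(secret: str) -> list:
    """Wrong guesses whose first k characters are right, for k = 0, 1, 2, ..."""
    return [secret[:k] + "#" * (len(secret) - k) for k in range(len(secret))]


def plaintext_profile(secret: str) -> list:
    """Work done per guess when the raw password is compared byte by byte."""
    target = secret.encode()
    return [early_exit_steps(g.encode(), target)
            for g in guesses_with_growing_prefix(secret)]


def digest_profile(secret: str) -> list:
    """Work done per guess when SHA-1 digests are compared instead."""
    target = sha1(secret)
    return [early_exit_steps(sha1(g), target)
            for g in guesses_with_growing_prefix(secret)]


def verify(guess: str, secret: str) -> bool:
    """Comparison whose duration does not depend on where the digests differ."""
    return hmac.compare_digest(sha1(guess), sha1(secret))


if __name__ == "__main__":
    print("plaintext compare:", plaintext_profile(SECRET))  # grows with the prefix
    print("digest compare:   ", digest_profile(SECRET))     # unrelated to the prefix
    print("verify(SECRET):   ", verify(SECRET, SECRET))
```
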