Skip to content

Art-S-D/za-warudo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
results
results
 
 
src
src
 
 
.gitignore
.gitignore
 
 
rapport.pdf
rapport.pdf
 
 
readme.md
readme.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Timing attack

This project tries to do a timing attack to get the admin password on a local server.

How it works

The server has an endpoint at /admin/login that sends back 200 if the password passed to it is the correct admin password and 401 otherwise.

Passing the correct password would be theoratically take more time to the server to process, since python string comparison stops at soon as it finds different characters in the two strings. If the server is slow enough, there should be a few milliseconds of difference.

Simply compare strings with the hmac.compare_digest function to protect against this sort of attack.

You can read rapport.pdf for more infos.

Run the project:

python src/server.py
python src/timing_attack.py # on another terminal

If there it's not reliable enough, you can try to slow down the server.

cpulimit -f -c 1 -l 1 -- python src/server.py

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages