问题描述

来自 维基百科

在密码学中，定时攻击是一种边信道攻击，其中攻击者试图通过分析时间来破坏密码系统用于执行加密算法.

In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms.

实际上，为了防止定时攻击，我使用了以下函数，取自 这个答案:

Actually, to prevent timing attacks, I'm using the following function taken from this answer:

function timingSafeCompare($safe, $user) {
    // Prevent issues if string length is 0
    $safe .= chr(0);
    $user .= chr(0);

    $safeLen = strlen($safe);
    $userLen = strlen($user);

    // Set the result to the difference between the lengths
    $result = $safeLen - $userLen;

    // Note that we ALWAYS iterate over the user-supplied length
    // This is to prevent leaking length information
    for ($i = 0; $i < $userLen; $i++) {
        // Using % here is a trick to prevent notices
        // It's safe, since if the lengths are different
        // $result is already non-0
        $result |= (ord($safe[$i % $safeLen]) ^ ord($user[$i]));
    }

    // They are only identical strings if $result is exactly 0...
    return $result === 0;
}

但我在想是否可以使用随机睡眠来防止这种攻击

But I was thinking if is possible prevent this kind of attack using a random sleep like

function timingSafeCompare($a,$b) {
    sleep(rand(0,100));
    if ($a === $b) {
        return true;
    } else {
        return false;
    }
}

或者也许增加睡眠的随机性

Or maybe augmenting the randomness of sleep

sleep(rand(1,10)+rand(1,10)+rand(1,10)+rand(1,10));

这种方法可以完全防止定时攻击吗?还是只是让工作更加努力?

This kind of approach can totally prevent timing attacks? Or just make the work harder?

推荐答案

这种方法可以完全防止定时攻击吗?还是只是让工作更加努力?

This kind of approach can totally prevent timing attacks? Or just make the work harder?

两者都没有.它不会阻止定时攻击，也不会让它们变得更加困难.

Neither. It doesn't prevent timing attacks, nor does it make them any more difficult at all.

要了解原因，请查看睡眠文档.具体来说，第一个参数的含义:

To understand why, look at the docs for sleep. Specifically, the meaning of the first parameter:

暂停时间以秒为单位.

因此，您的应用需要 0.3 秒才能在不休眠的情况下做出响应.睡眠需要 0.3、1.3、2.3 等...

So your app takes 0.3 seconds to respond without sleep. With sleep it takes either 0.3, 1.3, 2.3, etc...

所以说真的，要得到我们关心的部分(时间差)，我们只需要去掉整数部分:

So really, to get the part we care about (the timing difference), we just need to chop off the integer part:

$real_time = $time - floor($time);

但让我们更进一步.假设您使用 usleep 随机睡眠.这要细得多.那是在微秒内休眠.

But let's go a step further. Let's say that you randomly sleep using usleep. That's a lot more granular. That's sleeping in microseconds.

嗯，测量是在 15-50 纳米秒的范围内进行的.因此，睡眠的粒度仍然比正在进行的测量少大约 100 倍.所以我们可以平均到一微秒:

Well, the measurements are being made in the 15-50 nanosecond scale. So that sleep is still about 100 times less granular than the measurements being made. So we can average off to the single microsecond:

$microseconds = $time * 1000000;
$real_microseconds = $microseconds - floor($microseconds);

并且仍然有有意义的数据.

And still have meaningful data.

您可以更进一步并使用 time_nanosleep，它可以睡眠到纳秒级精度.

You could go further and use time_nanosleep which can sleep to nanosecond scale precision.

然后你就可以开始玩弄数字了.

Then you could start fuddling with the numbers.

但数据仍然存在.随机性的美妙之处在于您可以将其平均化:

But the data is still there. The beauty of randomness is that you can just average it out:

$x = 15 + rand(1, 10000);

运行足够多的时间，你会得到一个漂亮的图表.您会知道大约有 10000 个不同的数字，因此您可以平均掉随机性并推断出私人"15.

Run that enough times and you'll get a nice pretty graph. You'll tell that there are about 10000 different numbers, so you can then average away the randomness and deduce the "private" 15.

由于表现良好的随机性是无偏的，因此在足够大的样本上进行统计检测非常容易.

Because well-behaved randomness is unbiased, it's pretty easy to detect statistically over a large enough sample.

所以我要问的问题是:

这篇关于随机睡眠可以防止定时攻击吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！