

What is a timing leak? (in plain english)

Posted on 2016-09-28
Medium Priority
Last Modified: 2016-09-28
Even though I am new to programming, I want to try to do things as securely as possible as I learn to do basic things. I am getting to cookie security and came across a really great security website. Some of it is over my head though, such as preventing timing leaks. The first part seems simple enough, which is to generate a unique token when users check the “remember me” checkbox.
function generateToken($length = 20)
{
    // random_bytes() is PHP's CSPRNG; bin2hex() makes the token cookie-safe
    return bin2hex(random_bytes($length));
}


I don’t want to post the entire article here unless that is okay with everyone (please let me know if I can) otherwise here is a link to the article.
They basically say, “Even if you're using a cryptographically secure random number generator, but your cookie looks like rememberme=WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn and you're storing these tokens in a database table that looks like this:

CREATE TABLE `auth_tokens` (
    `id` integer(11) not null UNSIGNED AUTO_INCREMENT,
    `token` char(33),
    `userid` integer(11) not null UNSIGNED,
    `expires` integer(11), -- or datetime
    PRIMARY KEY (`id`)
);
(And a look-up query might look something like this...)
SELECT * FROM auth_tokens WHERE token = 'WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn';


Watch out, an esoteric and nontrivial attack still exists."

Then it goes on about timing leaks.
If anyone would be prepared to take the time to explain this in plain English I would be really grateful. I really want to implement this but want to know what I am doing and why I am doing it.

Question by:Black Sulfur

Assisted Solution

by:Terry Woods
Terry Woods earned 1000 total points
ID: 41819494
I think it's suggesting an attacker could keep trying different tokens and measure the response time in order to build a valid token.

I suppose it may even take 100 or 1000 or more requests using one particular token to get an accurate response time, but if there's no throttling or limiting of number of attempts then it can be tried.

Each time a token response time is recorded accurately, another token (one character different) could be submitted, and the response time compared. If the response is longer, then that might be because the first character of the token was correct, and the database took longer to figure out that the remainder of the token wasn't correct. Keep doing this, and a valid token may be able to be constructed without having to try every single possible combination of characters.

Does that make sense?

This kind of attack could probably be defeated by limiting the number of attempts from any given IP address, delaying the response etc.

Accepted Solution

Julian Hansen earned 1000 total points
ID: 41819522
The attack uses the fact that comparison techniques tend to be time efficient in that as soon as they encounter an incorrect match the comparison terminates.
Comparing say
abc and adc

Will be quicker than
abc and abd

Simply because in the second instance there are two consecutive correct matches whereas in the first the process terminates after the first - making it run in approximately half the time.

By trial and error one can guess the target string by measuring the time.

The solution is to use functions that take constant time - in other words the check takes the same amount of time irrespective of incorrect matches
so comparing afd to abc will take the same amount of time to complete as comparing abc to abc.
By making functions constant time the potential for timing attacks is diminished.
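As an added illustration (not code from this thread), here is the difference the accepted solution describes, in PHP: an early-exit comparison beside a constant-time one. Instead of timing the calls, which is noisy in a demo, each function counts how many characters it examined, using the thread's own abc / adc / abd example.

```php
<?php
// Added illustration, not code from the thread: an early-exit comparison
// versus a constant-time one. Rather than timing the calls (noisy in a demo),
// each function reports how many characters it examined; the measurable
// timing difference in a real leak comes from exactly this difference in work.

// Early-exit: stops at the first mismatch, so the work done grows with the
// length of the correctly guessed prefix.
function earlyExitEquals(string $known, string $guess, int &$work): bool
{
    $work = 0;
    if (strlen($known) !== strlen($guess)) {
        return false;
    }
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $work++;
        if ($known[$i] !== $guess[$i]) {
            return false;   // leaves early: this is the leak
        }
    }
    return true;
}

// Constant-time: XORs every byte and ORs the differences together, so the
// same work is done whether the strings differ at byte 0 or at the last byte.
// PHP's built-in hash_equals() gives the same guarantee; use it in real code.
function constantTimeEquals(string $known, string $guess, int &$work): bool
{
    $work = 0;
    if (strlen($known) !== strlen($guess)) {
        return false;       // only the length is revealed
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $work++;
        $diff |= ord($known[$i]) ^ ord($guess[$i]);
    }
    return $diff === 0;
}

// The thread's own example: "adc" fails at the second character, "abd" at
// the third, so the early-exit version does different amounts of work.
$secret = 'abc';
$w1 = $w2 = 0;
foreach (['adc', 'abd', 'abc'] as $guess) {
    earlyExitEquals($secret, $guess, $w1);
    $equal = constantTimeEquals($secret, $guess, $w2);
    printf("%s vs %s: early-exit examined %d chars, constant-time examined %d (equal: %s)\n",
        $secret, $guess, $w1, $w2, $equal ? 'yes' : 'no');
}
```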

Expert Comment

by:Julian Hansen
ID: 41819525
Another solution (which can be used in parallel or separately) is to use a time limit on requests - only a certain number of requests can be made within a specific time period - this limits the hacker by slowing down the process enough that a brute force attack takes exponentially longer - on probability beyond the lifespan of the session.



Author Comment

by:Black Sulfur
ID: 41819529
Thanks so much. It is starting to make sense. I just still don't understand the prevention method using the database?

"Our proposed strategy deviates from the above simple token-based automatic login system in one crucial way: Instead of only storing a random token in a cookie, we store selector:validator.

selector is a unique ID to facilitate database look-ups, while preventing the unavoidable timing information from impacting security. (This is preferable to simply using the database id field, which leaks the number of active users on the application.)"

CREATE TABLE `auth_tokens` (
    `id` integer(11) not null UNSIGNED AUTO_INCREMENT,
    `selector` char(12),
    `token` char(64),
    `userid` integer(11) not null UNSIGNED,
    `expires` datetime,
    PRIMARY KEY (`id`)
);


On the database side of things, the validator is not stored wholesale; instead, the SHA-256 hash of validator is stored in the database, while the plaintext is stored (with the selector) in the user's cookie. With this fail-safe in place, if somehow the auth_tokens table is leaked, immediate widespread user impersonation is prevented.

The automatic login algorithm looks something like:

1. Separate selector from validator.
2. Grab the row in auth_tokens for the given selector. If none is found, abort.
3. Hash the validator provided by the user's cookie with SHA-256.
4. Compare the SHA-256 hash we generated with the hash stored in the database, using hash_equals().
5. If step 4 passes, associate the current session with the appropriate user ID."

Being new to all of this, I haven't heard of using a database with a cookie. I thought you just set a cookie, gave it an expiry date and off you go.

Expert Comment

by:Julian Hansen
ID: 41819562
The cookie is used to store a key into a database table where you usually store session information. It is fairly common practice.

I think their approach is to remove validator - which can be guessed with the timing attack - from the retrieval of the session data. By making the lookup on some other value (the id) - the validator check is then done with another process after the database record has been found. They imply that hash_equals is a constant time function which then removes the timing from the comparison of the validator with the stored value.
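The selector:validator scheme quoted in the question, as the five steps it lists and as explained in the comment above, worked through in PHP. This is an added example, not code from the thread or the linked article; an in-memory array stands in for the auth_tokens table, and the 30-day cookie lifetime is an assumption.

```php
<?php
// Added example, not code from the thread or the linked article: the
// selector:validator scheme. An in-memory array stands in for the auth_tokens
// table; a real application would use the SQL table quoted above.
$authTokens = [];   // selector => ['hash' => ..., 'userid' => ..., 'expires' => ...]

// Issue a cookie value for $userId; only the SHA-256 of the validator is stored.
// The 30-day lifetime is an assumption for the example.
function issueRememberMe(array &$table, int $userId, int $ttl = 30 * 86400): string
{
    $selector  = bin2hex(random_bytes(6));    // 12 hex chars, the lookup key
    $validator = bin2hex(random_bytes(32));   // 64 hex chars, the real secret
    $table[$selector] = [
        'hash'    => hash('sha256', $validator),   // plaintext never hits the DB
        'userid'  => $userId,
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;           // this goes into the cookie
}

// Check a presented cookie value; returns the user id on success, null otherwise.
function checkRememberMe(array $table, string $cookie): ?int
{
    // 1. Separate selector from validator.
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    // 2. Look up the row by selector only. This lookup's timing says nothing
    //    about the secret, so an early-exit index compare here is harmless.
    if (!isset($table[$selector]) || $table[$selector]['expires'] < time()) {
        return null;
    }
    $row = $table[$selector];
    // 3. Hash what the cookie presented.  4. Compare in constant time.
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    // 5. The caller now associates the session with this user id.
    return $row['userid'];
}

$cookie = issueRememberMe($authTokens, 42);
var_dump(checkRememberMe($authTokens, $cookie));                         // genuine cookie
var_dump(checkRememberMe($authTokens, $cookie . 'x'));                   // tampered validator
var_dump(checkRememberMe($authTokens, 'bogus:' . substr($cookie, 13)));  // unknown selector
```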

Author Comment

by:Black Sulfur
ID: 41819848
There must be some pretty bored people out there if they are going to try timing with this:


Is this a serious threat and should I worry about it for small applications or would I be okay just generating random strings and using that for my remember me cookie like:

rememberme=WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn ?

Expert Comment

by:Julian Hansen
ID: 41820207
It comes down to how valuable your data / app is. If the benefit is not worth the effort required then there is reduced incentive. There is always the chance someone wants to break in - but for the most part it is reward for effort that governs whether someone will try.

For small sites though I would not worry about it.
