Limited Entropy Dot Com Not so random thoughts on security featured by Eloi Sanfèlix

1Jun/092

Timing attack in Google Keyczar library

Javi mailed it to me last week, and now I came across it again while reading my feeds. Nate Lawson found and described on his blog a timing (side channel) attack in Google Keyzcar library.

Take a look at his post, it's a typical problem found in string/array comparisons, and you should take it into account when programming embedded devices and any other security-related code in general.

PD: I said very soon, didn't I? 😛

Enjoy this article?

Consider subscribing to our rss feed!

Posted by Eloi Sanfèlix

Tagged as: Cryptography, Security Leave a comment

Comments (2) Trackbacks (0) ( subscribe to comments on this post )

vierito5
June 2nd, 2009 - 13:21

Link al post en concreto:
http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/
TuXeD
June 2nd, 2009 - 14:58

Je, estoy melon… se me olvido anyadir el link. Ahora edito la entrada xD

Gracias Javi

Leave a comment Cancel reply

You must be logged in to post a comment.

No trackbacks yet.

Crypto Series: Introduction to Cryptool » « Conferences, slides and documents

Tag cloud

Recent Posts

PlaidCTF 2013: drmless (binary 250) write-up April 26, 2013
Insomni’hack 2013: Embedded security – the HW way March 23, 2013
Fusion 04 exploit write-up March 13, 2013
HW Security: fault injection techniques September 3, 2012
Crypto Series: Differential Fault Analysis by examples August 25, 2012

Recent Comments

My tweets!

RT @daniel_rome: We have published some vulnerabilities we found during an internal @NCCGroupplc research. Further news will come soon, sta… 03:35:50 PM May 29, 2019 Reply Retweet Favorite
@singe @bluefrostsec oops, thanks! 12:36:32 PM May 27, 2019 in reply to singe Reply Retweet Favorite
RT @bluefrostsec: We just published the slides for the TEE presentation @esanfelix gave at #zer0con2019 and #infiltrate19, and kicking off… 11:38:13 AM May 27, 2019 Reply Retweet Favorite
Made it to seoul for #zer0con2019, will be arriving at the venue in about an hour. Ping me if you're around and like to meet up. 09:03:28 AM April 10, 2019 Reply Retweet Favorite
#protip: keep your webex window in sight so you can notice if your connection drops XD Despite that hiccup, and the… https://t.co/WuaWjPmQ1r 05:28:29 PM March 25, 2019 Reply Retweet Favorite
RT @matalaz: Use whatever tool you want, I do use both IDA and Ghidra. But stop being a fucking dick and acting like it's holy war insultin… 12:00:49 PM March 22, 2019 Reply Retweet Favorite
RT @bluefrostsec: BFS Ski Seminar in Seefeld and Axamer Lizum! https://t.co/EzUvPhYyoL 03:39:17 PM March 20, 2019 Reply Retweet Favorite
RT @doegox: "White-Box Cryptography: Don’t Forget About Grey-Box Attacks" in Journal of Cryptology ヽ(^o^)ノ Courtesy link: (requires js) ht… 11:12:08 PM February 14, 2019 Reply Retweet Favorite
RT @Kachakil: If you liked the blog post I published about how I discovered and exploited a vulnerability in Android (https://t.co/SGtyFPQk… 12:56:07 PM February 05, 2019 Reply Retweet Favorite
RT @jmartijnb: Interested to learn more about Trusted Execution Environment security? In a few weeks I will present @nullcon my work on fuz… 08:42:13 PM February 01, 2019 Reply Retweet Favorite

Meta