https://github.com/mpb10/Timing-Side-Channel-Vulnerability
These are three PowerShell scripts that demonstrate in a very basic manner what timing side-channel vulnerabilities are.
Author: mpb10
April 25th, 2018
v1.0.0
In a very, very basic manner, these three scripts represent a login server that compares a user-provided password hash with a stored password hash. If the two hashes match, the user is "authenticated".
To use the scripts, run them via the PowerShell command line and provide two string parameters that are 32 characters in length each (these represent MD5 hashes).
Example: .\VulnerableScript.ps1 5f4dcc3b5aa765d61d8327deb882cf99 5f4dcc3b5aa763dfj63575d83eb2c3go
The VulnerableScript.ps1 script is vulnerable to timing side-channel attacks because it exits the while-loop used in the hash comparison and returns the result as soon as it finds that the hashes do not match. An attacker can measure how long the script took to compare the hashes in order to tell how close their hash is to the actual one.
The SecureScript-Option1.ps1 script fixes this vulnerability by always taking a set amount of time to return the results of the comparison to the user, even if the script realizes that the hashes don't match and exits the while-loop early on.

The SecureScript-Option2.ps1 script fixes this vulnerability in a different way: it continues through the while-loop even after the script realizes that the hashes don't match. The goal here is to always return the results after the same, or very nearly the same, amount of time.
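
The early-exit comparison next to the Option 2 approach, as an added PowerShell example that is not the repository's code. The function names and the CharsExamined counter (a stand-in for the time an observer would measure) are assumptions for illustration, and the all-zero guess is constructed.

```powershell
# Added example; function names are hypothetical, not taken from the repository's scripts.

function Compare-HashEarlyExit {
    param([ValidateLength(32, 32)][string]$Supplied,
          [ValidateLength(32, 32)][string]$Stored)
    $i = 0
    $match = $true
    # The loop ends at the first mismatch, so the work done depends on
    # how many leading characters of the supplied hash are correct.
    while ($match -and $i -lt $Stored.Length) {
        if ([int]$Supplied[$i] -ne [int]$Stored[$i]) { $match = $false }
        $i++
    }
    [pscustomobject]@{ Match = $match; CharsExamined = $i }
}

function Compare-HashFullLength {
    param([ValidateLength(32, 32)][string]$Supplied,
          [ValidateLength(32, 32)][string]$Stored)
    $diff = 0
    $i = 0
    # Every position is visited; differences are OR-ed into $diff instead of
    # branching on them, so the loop length does not depend on the input.
    while ($i -lt $Stored.Length) {
        $diff = $diff -bor ([int]$Supplied[$i] -bxor [int]$Stored[$i])
        $i++
    }
    [pscustomobject]@{ Match = ($diff -eq 0); CharsExamined = $i }
}

$stored  = '5f4dcc3b5aa765d61d8327deb882cf99'   # first hash from the README example
$guesses = @(
    '00000000000000000000000000000000',         # constructed: wrong at the first character
    '5f4dcc3b5aa763dfj63575d83eb2c3go',         # second string from the README example
    '5f4dcc3b5aa765d61d8327deb882cf99'          # identical to the stored hash
)

foreach ($g in $guesses) {
    $early = Compare-HashEarlyExit  -Supplied $g -Stored $stored
    $full  = Compare-HashFullLength -Supplied $g -Stored $stored
    '{0}  early-exit examined {1,2}  full-length examined {2,2}  match: {3}' -f `
        $g, $early.CharsExamined, $full.CharsExamined, $full.Match
}
```

The early-exit column changes with each guess while the full-length column stays at 32, which is the property Option 2 is after.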