1995-12-11 - Timing attacks
Header Data
From: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
To: cypherpunks@toad.com
Message Hash: 4a00e097fde45e4b3d93a28e5ee67998b30c54553f9bf243a8be2385637708f6
Message ID: <95Dec11.111045edt.4478@cannon.ecf.toronto.edu>
Reply To: N/A
UTC Datetime: 1995-12-11 20:42:24 UTC
Raw Date: Tue, 12 Dec 1995 04:42:24 +0800
Raw message
From: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Tue, 12 Dec 1995 04:42:24 +0800
To: cypherpunks@toad.com
Subject: Timing attacks
Message-ID: <95Dec11.111045edt.4478@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain
I have had some success using timing against UNIX to find out what usernames
are valid on systems with finger &c disabled. If a username does not exist,
it returns the "Login incorrect" a lot faster than it would if the username
existed but the password was incorrect. I wonder how many other systems are
vulnerable to this sort of attack.
Thread
Return to December 1995
Return to “SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>”
1995-12-11 (Tue, 12 Dec 1995 04:42:24 +0800) - Timing attacks - SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>