About me My standards Book Blog Video Blog
Menu
About me Kontakt

Guessing the password solely based on server response time - timing attack

password security programming coding Attack software development timing Anvil Web

In the latest video from mCoding, James Murphy introduces viewers to the intricacies of timing attacks on passwords. Despite concerns from some individuals, this is not a hacking tutorial; rather, it analyzes the challenges of writing secure software. Murphy explains how certain attack attempts, known as timing attacks, can be exploited to crack a password by measuring the server's response time. In the video, he demonstrates how to measure the length of a password and then, using that information, gradually crack each character of the password by leveraging the difference in the server's response time. All developers should be aware of these dangers, especially when designing web-based applications.

Murphy emphasizes that the primary goal is to discover the length of the password. He guides viewers through the process of guessing various lengths using a function to attempt to identify that length, meticulously measuring the server's response time for each query. He uses the 'timeit.repeat' method to conduct the tests, allowing for precise measurements, even in the event of server latency. When he ultimately finds that the password is 20 characters long, Murphy points out that during current testing, it is essential to avoid having other processes running on the computer that could skew the results.

Once the length of the password is established, Murphy attempts to guess the actual password, starting with random guesses and then gradually refining his attempts while skillfully using the subtle variations in the server's response time. This allows viewers to understand the power of timing attacks in revealing complex passwords. Murphy breaks down the process into stages, where he inputs one character at a time, utilizing fundamental string comparison principles in programming.

As he proceeds with his testing and guessing, Murphy shares his insights and results in real-time, capturing viewers' attention as he ultimately cracks the 20-character password. Each phase of the video is presented in an engaging manner, making the topic accessible even for those unfamiliar with programming. The in-depth explanations and code demonstrations highlight the importance of secure coding practices in web application development.

The statistics for this video on the mCoding channel are quite impressive, boasting over 178376 views and 9407 likes, reflecting the interest and appreciation for the knowledge that Murphy shares with his viewers. This highlights the significance of timing attacks and the need for developers to prioritize security when writing software. Tune in to hear all about their sponsor, Anvil, towards the end of the video.

Toggle timeline summary

  • 00:00 James Murphy introduces the video about cracking passwords.
  • 00:05 Introduction of the video sponsor, Anvil, a development platform for web apps.
  • 00:16 Discloses that the video is not a hacking tutorial.
  • 00:31 Discussion on the challenges of writing secure software.
  • 00:49 Introduction to timing attacks that exploit execution time of algorithms.
  • 01:07 Explanation of the system being tested for password cracking.
  • 02:19 Describes the initial difficulty in cracking long passwords.
  • 02:32 Highlights the importance of timing responses from the server.
  • 03:30 Demonstrates how to find the length of the password using timing.
  • 04:28 Illustrates the outcome when testing for password lengths.
  • 05:24 Investigates if timing attacks can also guess the actual password.
  • 06:05 Presents the code approach for cracking the password using timing attacks.
  • 07:26 Describes the next steps in cracking the password.
  • 08:03 Confirms that the password was successfully cracked.
  • 08:10 Reiterates the demonstration of cracking a long password.
  • 08:34 Emphasizes the need for secure data handling.
  • 08:40 Encourages viewers to learn about Anvil for web app development.

Transcription

Hello and welcome, I'm James Murphy, and in this video we're going to crack some passwords. Thanks to this video's sponsor, Anvil, a browser-based full-stack development platform allowing you to make web apps with nothing but Python. More about Anvil at the end of the video. Sorry to disappoint any wannabe hackers in the crowd, but this is not going to be a hacking tutorial. After watching this video you're not going to be able to just go out and hack your friends or your colleagues or government databases. What you are going to get from this video is a quick dip into the deep end. What are some of the things that make it so incredibly difficult to write secure software? In my opinion, the biggest difference between the way that code is modeled in the theoretical world and how it actually is in the real world is the amount of time that code takes to execute. Well, in the real world there's an entire class of attacks that exploit the physical amount of time that an algorithm took to execute. These are called timing attacks. That's what we're going to investigate in this video. We'll be able to crack a password that's 20 characters long in no time. Okay, so let's get started. What's the system that we're going to hack in this video? Well, I have a server which is really just a function and all this does is I pass in a user and my guess for the password and it's going to look up the password in the database which is actually just a dictionary up here and after it looks it up in the database all it does is tell you whether or not your guess was equal to the actual password. In this video we're going to be taking the attacker's perspective so we don't get to see the check password function. Check password is just a black box. We plug in the username and the guess and we either get you got it correct or you didn't. We don't get to see anything else. I know this is silly. Check password is just a function in the same file. This is totally ridiculous but think about check password as actually going out to the internet and trying to log into a server. This is a pretty bad server because it's going to allow us to make many many many guesses and it's not going to ban us for spamming or anything like that. Too many wrong attempts but I think it gets the point across. Okay let's get to cracking. At a first glance it might seem completely hopeless. Passwords can be extremely long, 30 characters or more, and all we're getting out of this is is the password correct or not. If we get even a single bit wrong then we basically gain no information right? Well not completely. The whole theme of this video is that we do get one extra piece of information that the server didn't tell us about. We can measure how much time it took to respond. If we suspected that the server was using a bad implementation like this, just equality checking the actual password against the guess, which by the way the server shouldn't even store your actual password, then we might be able to exploit something about how long it takes to compute the answer when the guess is closer to correct. In pretty much every programming language the first thing that happens when you compare two strings for equality is it checks to see if their lengths are the same. If the lengths are different then you can pretty quickly return false. So if we query the server with a guess, if the length of the password is wrong then the server will respond faster. Let's see if we can use that to crack the length of this password. Okay here's what we'll do. We'll take the user and the maximum possible length that we think the password could be. Then we'll just loop over the different lengths and use the timeit.repeat method to time how long each password attempt takes. The statement that we're timing is this check password of the user and a guess x, where here the user is inputted as whatever the argument was and x is a random string generated by this function. repeat returns a list and we just take the fastest time from that list to use as the server response time. We take the fastest time here because the server might have just lagged for some unknown reason and we don't want that to slow down our timing. We want to measure its performance assuming it didn't lag at all. To recap all I do is guess passwords of a bunch of different lengths and then return the length that takes the longest to respond. And here's what we see when we run it. Passwords that were randomly guessed of length 20 took a little bit longer than the rest. Notice that the second longest choice was 93 percent as fast. And what do you know the length of the actual password is 20. And this is not a fluke. If I change the length of the string so that now it's length 19 instead of 20 and run the program again now we see that the most likely length is 19. Of course if you have other things on your machine going on that are affecting the timing like recording video then it's going to make it a lot less likely to give you the right answer. When I ran it again I got that 25 is the most likely length which is not correct but 19 was still in the top three. So if you were a real hacker trying to do a real timing attack you would probably be doing this on a dedicated machine that doesn't have lots of random programs executing at the same time that might mess up the timing. Okay finding out the length of the password is one thing but guessing the actual password is something entirely different. So can the timing attack do that as well? Well if the implementation was one of these simple equality checks then yes because here's what an equality check for strings looks like under the hood. As we mentioned before first it does a length check and that's what we use to crack the length of the password. But after it does the length check it goes character by character and if any of them are not equal then it will return immediately because string comparison will return early if the password is incorrect at an earlier position. Again we find that the more correct the password is the longer the server will take to respond. This is exactly the same thing that we can use to exploit as with the length. So here's the code that I came up with in order to crack a password using a timing attack given that you've already cracked the length of the password. It's similar to cracking the length itself except we have to go position by position and get each character right in turn. We start with just a completely random guess of the correct length. We don't know how much of the password that we've guessed so far is correct so we're just going to repeatedly loop over the entire string try to get the first character correct then the second then the third and so on until the end and then start back at the beginning. We'll just keep repeating until we get the right password. For each position in the password we try every possible character that can be in the password and then we see what happens when we put that character in that position. We'll time how long it takes for our new guess, we'll time how long it takes for our old guess, and then whichever one took more time we keep as the old guess for the next iteration. Notice that by random chance we could have a more correct guess get replaced with a less correct guess. I'm sure that we'll see that happen when we actually run it but nevertheless the more correct guess is more likely to take longer and so eventually we will build up the correct password. Here we check to see if our new guess is the correct password and if it is then we're done we return. Otherwise what we do is we take the one that took longer and use that as the guess for the next iteration and that's it. All we have to do now is try it. So first we will crack the length of the password and then use that length pass it into the crack password function and see how long it takes to find the actual password. All right let's just see how well it does. So just on the first iteration it's gotten a lot of the characters right already. Let's see if it can finish off the last few in the next one. There we go it finished. Password cracked. Subscribe to mCoding. So there you have it. We just cracked a password that was 20 characters long using nothing but timing information. This was just one example of one timing attack and timing attacks themselves are just a single class of examples in a huge sea of things that you can mess up and if you mess up anything then you're going to get yourself hacked. Don't trust the security of your customer data or of your web app in general to something that's not extremely well tested and proven. And speaking of writing web apps if you're interested in that kind of thing be sure to stick around and hear about our sponsor Anvil. That's all I've got for now. See you in the next one. Anvil has everything you need to develop and deploy a web app written completely in Python, including the front end, so no JavaScript or HTML required. And it's free to try. Create your user interface by dragging and dropping components. Anvil's web-based IDE allows you to develop in your browser. No need to install anything. You can use Anvil's built-in database and let Anvil handle the tricky parts like user authentication. When you're ready, deploy your app to the cloud with a single click. Check out the link in the description to get started with Anvil today.

178376
https://www.youtube.com/watch?v=XThL0LP3RjY Published at 2022-06-03