RE: Is there a hidden channel in Xauthentication?

From: Klaus Frank (klausfat_private-Aachen.DE)
Date: Tue May 22 2001 - 06:02:58 PDT

Next message: Kayne Ian (Softlab): "Crash IE with shell://:"

Previous message: David Wagner: "Re: Is there a hidden channel in X authentication?"
In reply to: Michael Wojcik: "RE: Is there a hidden channel in X authentication?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael Wojcik wrote:

> In any case, it's easy enough to mask the time by using a hand-coded
> comparison loop that always compares all the bytes and sets a flag if any of
> them differ.

The flag would be set n times, where n is the number of matching bytes in the
two cookies... I'm afraid there is still a timing difference. An attempt to
mask the time differences can be found in gnuserv version 3.12, permitted().

Klaus Frank

Next message: Kayne Ian (Softlab): "Crash IE with shell://:"
Previous message: David Wagner: "Re: Is there a hidden channel in X authentication?"
In reply to: Michael Wojcik: "RE: Is there a hidden channel in X authentication?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 22 2001 - 09:24:47 PDT