Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: RE: Is there a hidden channel in Xauthentication?

RE: Is there a hidden channel in Xauthentication?

From: Klaus Frank <klausf_at_Pool.Informatik.RWTH-Aachen.DE>
Date: Tue, 22 May 2001 15:02:58 +0200 (MET DST)

Michael Wojcik wrote:

> In any case, it's easy enough to mask the time by using a hand-coded
> comparison loop that always compares all the bytes and sets a flag if any of
> them differ.

The flag would be set n times, where n is the number of matching bytes in the
two cookies... I'm afraid there is still a timing difference. An attempt to
mask the time differences can be found in gnuserv version 3.12, permitted().

Klaus Frank
Received on May 22 2001

This message: [ Message body ]
Next message: Kayne Ian (Softlab): "Crash IE with shell://:"
Previous message: David Wagner: "Re: Is there a hidden channel in X authentication?"
In reply to: Michael Wojcik: "RE: Is there a hidden channel in X authentication?"
Next in thread: David Wagner: "Re: Is there a hidden channel in X authentication?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]