Issue No.02 - March-April (2013 vol.11)
Adrian Hayes , Security-Assessment.com
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2013.39
The common wisdom is that string comparison timing attacks against a hashed password are impossible. However, these attacks can still be effective if attackers give up on the ideal of stealing all the characters representing the user's password or the entire hash.
Network security, Computer security, Authentication, Access control, computer security, network service authentication timing attacks, SHA-1, timing attacks, hash functions, side-channel attacks
Adrian Hayes, "Network Service Authentication Timing Attacks", IEEE Security & Privacy, vol.11, no. 2, pp. 80-82, March-April 2013, doi:10.1109/MSP.2013.39