Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Timing attack
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Cryptographic attack}} {{Use dmy dates|date=September 2020}} [[File:Histogram_of_cross-site_leaks_cache_timing_attack_example.png|thumb|upright=1.8|An example of a timing attack being performed on the [[web cache]]. The graph on the left denotes a case where the timing attack is successfully able to detect a cached image whereas the one on the right is unable to do the same.]] In [[cryptography]], a '''timing attack''' is a [[side-channel attack]] in which the attacker attempts to compromise a [[cryptosystem]] by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input. Finding secrets through timing information may be significantly easier than using [[cryptanalysis]] of known plaintext, ciphertext pairs. Sometimes timing information is combined with cryptanalysis to increase the rate of information leakage.<ref name="BearSSL">{{Cite web|url=https://www.bearssl.org/constanttime.html|title=Constant-Time Crypto|website=BearSSL|access-date=2017-01-10}}</ref> Information can leak from a system through measurement of the time it takes to respond to certain queries. How much this information can help an attacker depends on many variables: cryptographic system design, the CPU running the system, the algorithms used, assorted implementation details, timing attack countermeasures, the accuracy of the timing measurements, etc. Timing attacks can be applied to any algorithm that has data-dependent timing variation. Removing timing-dependencies is difficult in some algorithms that use low-level operations that frequently exhibit varied execution time. Timing attacks are often overlooked in the design phase because they are so dependent on the implementation and can be introduced unintentionally with [[compiler optimizations]]. Avoidance of timing attacks involves design of constant-time functions and careful testing of the final executable code.<ref name="BearSSL" />
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)