13 posts about #other

Dictionary Attack

A dictionary attack is a technique for breaking into a password-protected system.

The attacker tries to find the password by systematically submitting every word in a word list (the "dictionary") until one is accepted. It works because many users choose ordinary dictionary words as passwords, so even a modest word list covers a large share of real accounts.

There are several ways to prevent this:

  • Account Locking: lock the account (or throttle logins) after several unsuccessful attempts, which caps how many guesses an online attacker gets
  • Salting: passwords should be stored as hashes rather than encrypted, and before hashing, a random per-user value (the salt) is appended to the password and stored alongside the hash. Salt does not stop online guessing, but it defeats precomputed tables of hashed dictionary words and forces an attacker who has stolen the database to redo the work for every account. (An initialization vector is the analogous random value used with a cipher mode; it is not a password-hashing term.)
  • ……….
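The following is an added example, not code from the original post: it runs both attack modes from the text against a constructed six-word list and shows what each defence buys. The hash is a toy (64-bit FNV-1a over salt||password) standing in for a real slow password hash; the salt "s4lt", the wordlist and the lockout threshold of five failures are all assumptions for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed word list for the demo; a real attack uses millions of entries. */
static const char *const WORDLIST[] = {
    "password", "letmein", "dragon", "sunshine", "qwerty", "welcome"
};
#define WORDLIST_LEN (sizeof WORDLIST / sizeof WORDLIST[0])

/* Toy hash of salt||password (64-bit FNV-1a). Stand-in only: a real system
 * stores the output of a slow password hash such as bcrypt, scrypt or Argon2. */
static uint64_t toy_hash(const char *salt, const char *password)
{
    uint64_t h = 1469598103934665603ULL;
    for (const char *p = salt; *p; p++)     { h ^= (uint8_t)*p; h *= 1099511628211ULL; }
    for (const char *p = password; *p; p++) { h ^= (uint8_t)*p; h *= 1099511628211ULL; }
    return h;
}

/* Offline dictionary attack on one stolen hash: hash every word with the
 * victim's salt and compare. *work = hashes computed (NULL if no word hits). */
const char *dictionary_attack(const char *salt, uint64_t stored, int *work)
{
    *work = 0;
    for (size_t i = 0; i < WORDLIST_LEN; i++) {
        (*work)++;
        if (toy_hash(salt, WORDLIST[i]) == stored)
            return WORDLIST[i];
    }
    return NULL;
}

/* Precomputed table of unsalted hashes, built once and reused against every
 * victim: without salt, cracking a stored hash is a single lookup. */
static uint64_t table[WORDLIST_LEN];
static int table_built;

const char *precomputed_lookup(uint64_t stored)
{
    if (!table_built) {
        for (size_t i = 0; i < WORDLIST_LEN; i++)
            table[i] = toy_hash("", WORDLIST[i]);
        table_built = 1;
    }
    for (size_t i = 0; i < WORDLIST_LEN; i++)
        if (table[i] == stored)
            return WORDLIST[i];
    return NULL;    /* a per-user salt makes every stored value miss here */
}

/* Online defence: lock the account after MAX_FAILURES consecutive bad guesses. */
#define MAX_FAILURES 5
struct account { const char *salt; uint64_t stored; int failures; int locked; };

/* 1 = accepted, 0 = rejected, -1 = locked (the guess is not even checked). */
int try_login(struct account *a, const char *guess)
{
    if (a->locked)
        return -1;
    if (toy_hash(a->salt, guess) == a->stored) {
        a->failures = 0;
        return 1;
    }
    if (++a->failures >= MAX_FAILURES)
        a->locked = 1;
    return 0;
}

/* Online dictionary attack against the login itself. *tried = guesses that
 * were actually checked; returns the accepted word, or NULL once locked out. */
const char *online_attack(struct account *a, int *tried)
{
    *tried = 0;
    for (size_t i = 0; i < WORDLIST_LEN; i++) {
        int r = try_login(a, WORDLIST[i]);
        if (r == -1)
            break;
        (*tried)++;
        if (r == 1)
            return WORDLIST[i];
    }
    return NULL;
}

int main(void)
{
    int work, tried;
    const char *hit = dictionary_attack("", toy_hash("", "dragon"), &work);
    printf("offline, unsalted: %s after %d hashes\n", hit ? hit : "(none)", work);
    printf("precomputed table vs salted hash: %s\n",
           precomputed_lookup(toy_hash("s4lt", "dragon")) ? "hit" : "miss");
    struct account victim = { "s4lt", toy_hash("s4lt", "welcome"), 0, 0 };
    hit = online_attack(&victim, &tried);
    printf("online: %s after %d guesses, locked=%d\n",
           hit ? hit : "(none)", tried, victim.locked);
    return 0;
}
```

Note what the salt does and does not do: `dictionary_attack` still finds a salted "dragon" in three hashes, because the attacker simply includes the salt; what the salt kills is `precomputed_lookup`, whose table was built without it. Lockout is the only defence here that stops the online attacker, and it does so after five guesses regardless of how good the word list is.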

Comparison Time Attacks

Using == to compare secret values such as HMAC tags or password hashes leaves you open to a timing attack. A short-circuiting == returns false as soon as it finds the first pair of characters that differ, so how long it runs depends on the length of the matching prefix. An attacker who controls one side of the comparison can submit many candidate values, measure response times, and learn how many leading characters are correct (the quicker the rejection, the fewer correct characters), then recover the secret one position at a time.

Solution: use a constant-time comparison algorithm.

  • Ruby: Rack::Utils.secure_compare or ActiveSupport::SecurityUtils.secure_compare
  • NodeJS: crypto.timingSafeEqual (both buffers must have the same length; it throws otherwise, so check or hash the inputs to a fixed length first)
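As an added example (not code from the original post or from either library named above), here is the leaky compare next to the constant-time construction those helpers use underneath, plus an idealised run of the attack described above. The oracle's byte-count stands in for a noise-free response time; the secret "deadbeef" is a constructed stand-in for a hex digest.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Short-circuiting compare, the shape of == / memcmp: returns at the first
 * byte that differs. *steps counts the bytes examined, i.e. the work that an
 * attacker can read off the response time. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time compare: OR the XOR of every byte pair into one accumulator
 * and look at it only after the loop, so the work done is the same whether
 * the inputs differ at byte 0, at byte n-1, or not at all. This is the same
 * construction as OpenSSL's CRYPTO_memcmp and Node's timingSafeEqual; like
 * them it assumes both inputs are already the same length. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Idealised attack against a hex digest behind leaky_equal: for each position
 * try all 16 hex digits, keep the one that made the oracle work longest, and
 * stop when the oracle accepts. Costs at most 16*n oracle calls (*queries)
 * instead of 16^n for blind guessing. Returns 1 if the secret was recovered. */
int recover_hex_secret(const char *secret, char *out, size_t *queries)
{
    static const char hex[] = "0123456789abcdef";
    size_t n = strlen(secret), steps;
    *queries = 0;
    memset(out, '0', n);
    out[n] = '\0';
    for (size_t pos = 0; pos < n; pos++) {
        char best = hex[0];
        size_t best_steps = 0;
        for (int c = 0; c < 16; c++) {
            out[pos] = hex[c];
            (*queries)++;
            if (leaky_equal((const uint8_t *)secret, (const uint8_t *)out, n, &steps))
                return 1;                 /* accepted: the secret is now in out */
            if (steps > best_steps) {     /* longest matching prefix wins */
                best_steps = steps;
                best = hex[c];
            }
        }
        out[pos] = best;
    }
    return 0;
}

int main(void)
{
    const char *secret = "deadbeef";     /* constructed stand-in for a MAC */
    char out[9];
    size_t q, s1, s2;
    int ok = recover_hex_secret(secret, out, &q);
    printf("leaky compare: recovered %s (%s) in %zu queries\n",
           out, ok ? "ok" : "failed", q);
    leaky_equal((const uint8_t *)secret, (const uint8_t *)"dead0000", 8, &s1);
    ct_equal((const uint8_t *)secret, (const uint8_t *)"dead0000", 8, &s2);
    printf("bytes examined for a 4-byte prefix match: leaky=%zu constant-time=%zu\n",
           s1, s2);
    return 0;
}
```

Against `ct_equal` the same search has nothing to rank by, since every query examines all n bytes. In practice the attacker has to average many requests per candidate to pull the signal out of network jitter, but the short-circuit still leaks; the fix is to remove the dependency, not to rely on the noise.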

Memory layout of OS processes

  • Text: the executable machine code (the compiled program)
  • Data: global and static variables, initialized (.data) or zero-initialized (.bss)
  • Heap: memory allocated dynamically at run time (malloc/new)
  • Stack: temporary storage for function calls (local variables, function parameters, return addresses)

The sizes of text and data are fixed once the program is loaded.

The heap and the stack, however, grow and shrink at run time. Each time a function is called, a record (the stack frame) holding its local variables, parameters and return address is pushed onto the stack; when the function returns, that record is popped again.

Similarly, the heap grows as memory is dynamically allocated and shrinks when it is returned to the system. Stack and heap grow toward each other, and the OS has to make sure they never overlap. The stack frame is also why stack buffer overflows are dangerous: a local buffer sits in the same record as the saved return address, so writing past its end can overwrite where the function returns to.
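An added example (not code from the original post) that puts one symbol in each region and probes the push/pop behaviour described above. It assumes a downward-growing stack and GCC/Clang's `noinline` attribute, as on x86-64 and AArch64 Linux or macOS; the upward-growth check for the heap reflects glibc's small-block behaviour and is not guaranteed by any standard.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One symbol per region so their addresses can be printed side by side. */
int initialized_global = 42;          /* data (.data)                */
int uninitialized_global;             /* data (.bss), zero-filled    */

/* A fresh callee frame: returns the address of one of its own locals.
 * noinline keeps it a real call, so the frame is pushed below the caller's;
 * volatile keeps the local in memory rather than in a register. */
__attribute__((noinline)) uintptr_t callee_local_address(void)
{
    volatile int local = 0;
    return (uintptr_t)&local;
}

/* 1 if the callee's frame lies below the caller's local, i.e. the stack grows
 * downward (assumed: true on x86-64 and AArch64 Linux and macOS). */
__attribute__((noinline)) int stack_grows_down(void)
{
    volatile int caller_local = 0;
    return callee_local_address() < (uintptr_t)&caller_local;
}

/* 1 if two back-to-back calls land on the same address: the first call's
 * record was popped on return and the second was pushed onto the same spot.
 * This is also why a dangling pointer to a returned function's local reads
 * whatever the next call put there. */
__attribute__((noinline)) int frame_slot_reused(void)
{
    uintptr_t first = callee_local_address();
    uintptr_t second = callee_local_address();
    return first == second;
}

/* 1 if a second small malloc sits above the first: the heap grows upward as
 * memory is handed out. Assumed glibc brk-backed arena behaviour, shown for
 * illustration only. */
int heap_grows_up(void)
{
    char *a = malloc(64), *b = malloc(64);
    int up = a && b && (uintptr_t)b > (uintptr_t)a;
    free(b);
    free(a);
    return up;
}

int main(void)
{
    volatile int local_on_stack = 0;
    char *on_heap = malloc(16);
    printf("text   %#lx  (main)\n",                 (unsigned long)(uintptr_t)main);
    printf("data   %#lx  (initialized_global)\n",   (unsigned long)(uintptr_t)&initialized_global);
    printf("bss    %#lx  (uninitialized_global)\n", (unsigned long)(uintptr_t)&uninitialized_global);
    printf("heap   %#lx  (malloc'd block)\n",       (unsigned long)(uintptr_t)on_heap);
    printf("stack  %#lx  (local_on_stack)\n",       (unsigned long)(uintptr_t)&local_on_stack);
    printf("stack grows down: %d, frame slot reused: %d, heap grows up: %d\n",
           stack_grows_down(), frame_slot_reused(), heap_grows_up());
    free(on_heap);
    return 0;
}
```

With ASLR the absolute numbers change on every run, but their order (text lowest, then data and bss, then heap, with the stack far above) does not, and `frame_slot_reused` is the concrete form of "the record is popped when the function returns".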