web_timing_attack – An experiment side channel attacks on cryptographic operations such as signature verification.
This project is an ongoing experiment testing the theoretical aspects of side channel attacks on cryptographic operations such as signature verification. Currently this tool can execute a timing attack against a local or remote server that is using a linear time equality check to verify a signature. Unfortuantely right now time is not being measured in the most precise way (python urlib module).
+ Find a more accurate way to measure response times such as TCP RTT.
+ Write unit tests for determining the byte based on timestamps.
Use and download from git:
git clone firstname.lastname@example.org:dkhonig/web_timing_attack.git && cd web_timing_attack
pip install -r requirements.txt
Start the server: ./server.py