secure_equals 0.1 → 0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/secure_equals.rb +1 -0
- data/secure_equals.gemspec +1 -1
- data/test/timing_attack.rb +19 -21
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5927c8fe3e0da7b11844ee3499546c021eaccacb
|
|
4
|
+
data.tar.gz: 42aabdfe4e13be7dac50c564be5e4d9d20cd4cc3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dbc5ff2de9dd038988519bbb8658d2fd02c9566f2e9e8af36f2e29dfc1ec19feec77c7856123ce870a28392375542a009171c5de691ad5cdfc1e1cff188c9575
|
|
7
|
+
data.tar.gz: 27b845041fc275b854eaf2b9d7f33e88df7ea42750fd348a0d69b4e4b23251345e811816b2e3ef724330cc8f5aaf9f40dc28d5699bce11c70f7a17b4e72880ba
|
data/.gitignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
*.gem
|
data/lib/secure_equals.rb
CHANGED
data/secure_equals.gemspec
CHANGED
data/test/timing_attack.rb
CHANGED
|
@@ -42,39 +42,37 @@ class Box
|
|
|
42
42
|
|
|
43
43
|
class Secure < Box
|
|
44
44
|
def guess(str)
|
|
45
|
-
SecureEquals.
|
|
45
|
+
SecureEquals.equal? @secret, str
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
def brute_force(box, trials)
|
|
51
51
|
scores = []
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
result = letter
|
|
66
|
-
end
|
|
52
|
+
guess = '0' * 32
|
|
53
|
+
(0..32).each do |pos|
|
|
54
|
+
max = 0
|
|
55
|
+
result = nil
|
|
56
|
+
this_time = guess.dup
|
|
57
|
+
'abcdef0123456789'.each_char do |letter|
|
|
58
|
+
this_time[pos] = letter
|
|
59
|
+
time = Hitimes::Interval.measure do
|
|
60
|
+
trials.times{ box.guess this_time }
|
|
61
|
+
end
|
|
62
|
+
if time > max
|
|
63
|
+
max = time
|
|
64
|
+
result = letter
|
|
67
65
|
end
|
|
68
|
-
guess[pos] = result
|
|
69
66
|
end
|
|
70
|
-
|
|
67
|
+
guess[pos] = result
|
|
71
68
|
end
|
|
69
|
+
scores << box.score(guess)
|
|
72
70
|
|
|
73
|
-
puts "average: #{scores.inject(&:+) / scores.size}"
|
|
71
|
+
puts "#{box.class} average: #{scores.inject(&:+) / scores.size}"
|
|
74
72
|
end
|
|
75
73
|
|
|
76
74
|
10.times do
|
|
77
75
|
brute_force Box::Weak.new, 1000
|
|
78
|
-
brute_force Box::Standard.new,
|
|
79
|
-
brute_force Box::Secure.new,
|
|
76
|
+
brute_force Box::Standard.new, 1000
|
|
77
|
+
brute_force Box::Secure.new, 1000
|
|
80
78
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_equals
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.2'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Conrad Irwin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-
|
|
11
|
+
date: 2013-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Constant time equality (also known as time insensitive equality) lets
|
|
14
14
|
you compare user-provided strings with secrets in a way that does not leak data
|
|
@@ -18,6 +18,7 @@ executables: []
|
|
|
18
18
|
extensions: []
|
|
19
19
|
extra_rdoc_files: []
|
|
20
20
|
files:
|
|
21
|
+
- .gitignore
|
|
21
22
|
- README.md
|
|
22
23
|
- lib/secure_equals.rb
|
|
23
24
|
- secure_equals.gemspec
|