secure_equals 0.1 → 0.2
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/secure_equals.rb +1 -0
- data/secure_equals.gemspec +1 -1
- data/test/timing_attack.rb +19 -21
- metadata +3 -2
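--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5927c8fe3e0da7b11844ee3499546c021eaccacb
+data.tar.gz: 42aabdfe4e13be7dac50c564be5e4d9d20cd4cc3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbc5ff2de9dd038988519bbb8658d2fd02c9566f2e9e8af36f2e29dfc1ec19feec77c7856123ce870a28392375542a009171c5de691ad5cdfc1e1cff188c9575
+data.tar.gz: 27b845041fc275b854eaf2b9d7f33e88df7ea42750fd348a0d69b4e4b23251345e811816b2e3ef724330cc8f5aaf9f40dc28d5699bce11c70f7a17b4e72880ba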
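--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1 @@
+*.gem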
data/lib/secure_equals.rb
CHANGED
data/secure_equals.gemspec
CHANGED
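--- a/data/test/timing_attack.rb
+++ b/data/test/timing_attack.rb
@@ -42,39 +42,37 @@ class Box
 
 class Secure < Box
 def guess(str)
-SecureEquals.
+SecureEquals.equal? @secret, str
 end
 end
 end
 
 def brute_force(box, trials)
 scores = []
-
-
-
-
-
-
-
-
-
-
-
-
-
-result = letter
-end
+guess = '0' * 32
+(0..32).each do |pos|
+max = 0
+result = nil
+this_time = guess.dup
+'abcdef0123456789'.each_char do |letter|
+this_time[pos] = letter
+time = Hitimes::Interval.measure do
+trials.times{ box.guess this_time }
+end
+if time > max
+max = time
+result = letter
 end
-guess[pos] = result
 end
-
+guess[pos] = result
 end
+scores << box.score(guess)
 
-puts "average: #{scores.inject(&:+) / scores.size}"
+puts "#{box.class} average: #{scores.inject(&:+) / scores.size}"
 end
 
 10.times do
 brute_force Box::Weak.new, 1000
-brute_force Box::Standard.new,
-brute_force Box::Secure.new,
+brute_force Box::Standard.new, 1000
+brute_force Box::Secure.new, 1000
 end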
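Review bot: The added loop `(0..32).each do |pos|` in brute_force uses an inclusive range, so it runs 33 rounds against a guess built as `'0' * 32`. In the last round `this_time[pos] = letter` and `guess[pos] = result` write at index 32, one past the end, which Ruby treats as an append, so `box.score(guess)` receives a 33-character string. If the secret is 32 hex characters (inferred from the initial guess; Box and its `score` are defined outside this hunk), that final round only times length-mismatched comparisons, and the extra character can distort the per-box average this test prints as evidence that Box::Secure does not leak. I would write `(0...32).each do |pos|` or `guess.length.times do |pos|`. Separately, `scores` now receives exactly one value per call, so the printed "average" is that single score.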
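--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secure_equals
 version: !ruby/object:Gem::Version
-version: '0.
+version: '0.2'
 platform: ruby
 authors:
 - Conrad Irwin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-12-11 00:00:00.000000000 Z
 dependencies: []
 description: Constant time equality (also known as time insensitive equality) lets
 you compare user-provided strings with secrets in a way that does not leak data
@@ -18,6 +18,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
 - README.md
 - lib/secure_equals.rb
 - secure_equals.gemspec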