Blinding potentially leaks information #37
Comments
|
Update: the diagram in the solution architecture is outdated; the swagger API has already moved to 8-character method names, which covers part of what I mentioned. |
|
Correct, point b is covered by having 8 letter requests AND padding in both request and response. point a is covered by the api gateway that randomises timing. I'll leave this open because I have to check if point a is already in place. |
|
@ijansch do you have an update on this? |
Tweaked values after consultation with validation team
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Tweaked values after consultation with validation team
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
The latest solutions architecture mentions doing random uploads to a dummy url. The communication is covered by TLS but it can still leak information:
a. Hitting a different code path has a high chance of releasing information via timing.
b. Difference in message sizes, the endpoint names are of equal length in the proposal.
They're easy to cover: you're almost certainly using a queue for /upload for scaling and as a strategy to avoid timing attacks. The messages can be dead lettered.
For B you can either add random jitter to requests or normalize the endpoint names. The latter can be handled by infra, using a url rewriter internally for example.
The text was updated successfully, but these errors were encountered: