Possible timing attack in same page merging

Ryan Carboni ryacko at gmail.com
Tue Dec 11 12:27:15 PST 2018

Same page merging reportedly uses a hash to evaluate if a page is the same.

While I’m unclear on what hash is used and there is some mention of SHA-1
on various things written about it, it is possible that a timing attack
could be used if a colliding hash exists, but the data it self varies in
the last portion of the page. A keyed hash, with a randomly chosen key at
the time of evaluation, could be used. There would be no need for HMAC
because the length of the data is fixed (although length extension attacks
appear to be a protocol issue).

It is also possible that the hash evaluation is vulnerable to a timing
attack, which can be a separate issue.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 709 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20181211/5629cd73/attachment.txt>

More information about the cypherpunks mailing list