当前位置: 动力学知识库 > 问答 > 编程问答 >

c# - Why comparing two identical byte array takes different amount of time to complete ?

问题描述:

I am trying to compute hashes and then compare them to simulate timing attack in c#

This is the code i am using for this purpose:

private void btnHash_Click(object sender, EventArgs e)

{

MD5 md5 = new MD5CryptoServiceProvider();

var firstHashByte = md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(txtBoxText.Text));

txtBoxHash.Text = Convert.ToBase64String(firstHashByte);

var secondHashByte = md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(txtBoxSecondText.Text));

txtBoxHashtwo.Text = Convert.ToBase64String(secondHashByte);

Stopwatch stopwatch = new Stopwatch();

stopwatch.Start();

NormalEquality(firstHashByte, secondHashByte);

//SlowEquals(firstHashByte, secondHashByte);

stopwatch.Stop();

lstBoxTimeSpan.Items.Add(stopwatch.ElapsedTicks.ToString());

}

private static void NormalEquality(byte[] hashByte, byte[] hashByte2)

{

bool bEqual = false;

if (hashByte.Length == hashByte2.Length)

{

int i = 0;

while ((i < hashByte2.Length) && (hashByte2[i] == hashByte[i]))

{

i += 1;

}

if (i == hashByte2.Length)

{

bEqual = true;

}

}

}

each time i try to run this, i get different times for even identical hashes!

Why is it happening?

I also noticed that using the following method that is said to generate a constant time for both identical and different hashes failes to do so, and it acts just like the previous method, generating different times for just anything! (identical hashesh or different hashes!)

 private static bool SlowEquals(byte[] a, byte[] b)

{

uint diff = (uint)a.Length ^ (uint)b.Length;

for (int i = 0; i < a.Length && i < b.Length; i++)

diff |= (uint)(a[i] ^ b[i]);

return diff == 0;

}

Why is it like this ? Any idea?

( By the way as a side question:

Does C# string == comparison internally does this kind of array comparison or it is just another story?

Since whenever i tried to use == string on a Base64 version of hashes, i got 0 time, both for identical and different hashes

I did :

stopwatch.Start();

if ( firstHashString == secondHashString);

stopwatch.Stop();

)

网友答案:

You get different times because the stopwatch resolution is too low to measure so little code. Eventhough the resolution of the stopwatch is very high, the CPU still have time to run thousands of instructions between every tick of the stopwatch.

During the execution of the method the stopwatch will only go a few ticks, so the resulting times will vary very much.

If you run the method for example a thousand times or a million times, you get enough work to measure with small enough time variations.

网友答案:

There are any number of things that affect the timing of method calls, a computer is a vast system, and the tiniest change can become the proverbial butterfly. To be frank, tiny timing differences are nothing to worry about, what matters is whether it always produces the correct result.

One thing to try might be repeating the method call many times eg. a million or ten million times, and timing all of the calls eg.

stopwatch.Start();
for (int i=0; i<1000000; i++) {
    // call test here
}
stopwatch.Stop();

If you repeat the above a few times, the timings should be pretty close together.

分享给朋友:
您可能感兴趣的文章:
随机阅读: