Password Checking

Network Security Fall 2021
Due


The goals of this lab are to:

  1. Exploit a vulnerable password check routine
  2. Gain experience in network timing side channels

A network service containing a vulnerable password check routine is running on netsec.diverge.dev:12551. The routine contains a similar timing side channel to the one discussed during lecture. Use this channel to recover the password.

Note that since you are attempting to exploit a timing channel over the network and over several hops, you will need to account for noise in your measurements. Think about ways to mitigate this noise.

Lab Objectives

  1. Exploit the service to recover the password.
  2. Exploit another copy of the service running on port 12552 (graduates only).

Submission Instructions

Package a README containing the password(s) that explains your attack along with your source code in src/.