by 0942v8653 3646 days ago
There is also the possibility of timing attacks on either type of request. By the length you can tell when the HTTPS request is most likely POST /PWDStrength, and from the times that the request is initiated, you can guess at some characteristics of the password (maybe they stopped typing for a second to verify requirements after typing 7 characters; maybe they stopped after 8 because they have to move to the numpad on their keyboard).

edit: the best solution for this is probably to wait a specified amount between requests, rather than doing it with each character.
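As an added example that is not part of the thread, the following Python models the leak described above (request timing tracking keystroke timing) and the throttling suggested in the edit, alongside a constant-rate variant. The keystroke timestamps, the pause threshold and the observer model (it sees only when requests are sent) are constructed assumptions.

```python
"""Added example, not from the thread: a toy model of what a passive observer
sees when a password field fires POST /PWDStrength per keystroke, versus two
throttled clients. All timestamps (seconds) and the 0.5 s pause threshold
are constructed for illustration."""
import math
from typing import Dict, List

PAUSE_THRESHOLD = 0.5  # constructed: a gap this long reads as a deliberate pause

# Constructed keystroke times for a 10-character password: the typist pauses
# after the 7th character (checking requirements) and after the 8th (moving
# to the numpad), the scenario sketched in the comment above.
KEYSTROKES = [0.00, 0.18, 0.35, 0.52, 0.70, 0.88, 1.05, 2.20, 3.40, 3.58]
SUBMIT_TIME = 4.0  # constructed: when the form is submitted

def per_keystroke_client(keys: List[float]) -> List[float]:
    """One request per keystroke: request times equal keystroke times."""
    return list(keys)

def rate_limited_client(keys: List[float], interval: float) -> List[float]:
    """The comment's suggestion: wait a fixed interval between requests and
    send only if the field changed. Quantizes rhythm within an interval but
    still reveals a pause longer than the interval (no request is sent)."""
    sends, last_tick = [], None
    for t in keys:
        tick = (int(t // interval) + 1) * interval  # next scheduled send
        if tick != last_tick:
            sends.append(tick)
            last_tick = tick
    return sends

def constant_rate_client(end: float, interval: float) -> List[float]:
    """Stronger variant: send on every tick while the field has focus, whether
    or not it changed (with a fixed-size body), so timing carries only the
    total session length, not the typing rhythm."""
    return [k * interval for k in range(1, math.ceil(end / interval) + 1)]

def observe(request_times: List[float]) -> Dict[str, object]:
    """What the observer recovers from request timing alone: a request count
    (a proxy for length) and the positions followed by a long gap."""
    gaps = [b - a for a, b in zip(request_times, request_times[1:])]
    return {"requests": len(request_times),
            "pause_after": [i + 1 for i, g in enumerate(gaps) if g >= PAUSE_THRESHOLD]}

if __name__ == "__main__":
    print("per-keystroke :", observe(per_keystroke_client(KEYSTROKES)))
    print("rate-limited  :", observe(rate_limited_client(KEYSTROKES, 0.25)))
    print("constant-rate :", observe(constant_rate_client(SUBMIT_TIME, 0.25)))
```

Running it shows the per-keystroke client exposing both the length and both pauses, the rate-limited client still exposing the pauses (only the fine rhythm is quantized), and the constant-rate client exposing neither.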


Came here to say this.

It is feasible to reconstruct passwords from timing information alone. This has been done against e.g.

SSH http://people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf and

TLS https://www.schneier.com/blog/archives/2010/03/side-channel_...

That's a very interesting interpretation of the linked papers.

While timing information may make brute force attacks against the passwords easier, it is not feasible to reconstruct passwords based on the timing information exposed by Ebay.

It is also worth noting that the ability to perform more efficient brute force searches doesn't really matter in the case of Ebay, as it will not make such attacks feasible over the internet.

Attacks only get better.

Sometimes they stay at exactly the same level forever.

It's a classic quote from Bruce Schneier. I should have attributed it. I thought the crowd would get it.

While often attributed to Schneier, he attributes it to the NSA https://www.schneier.com/blog/archives/2011/08/new_attack_on...
It is, and will remain, impossible to deduce a victim's password from such a small timing sample.

There simply isn't enough data.

I do trust you aren't an Ebay security team? ;)

http://www.wired.com/2011/10/iphone-keylogger-spying/ etc.

>I do trust you aren't an Ebay security team? ;)

Luckily, not my kind of a gig.

>http://www.wired.com/2011/10/iphone-keylogger-spying/ etc.

This attack depends on being able to identify individual keys so it's not really applicable here. However, a similar attack might be possible here if not for the very small sample size.

There are many failure modes for encryption that most people rarely think about. EX: If someone encrypts either the US constitution or Hamlet then you can tell based on message traffic size which it was. For a physical example, if college rejection letters are a letter, but acceptance letters are a package, then it's obvious to your mail room who got accepted.

This is probably secure, but non-standard password exchanges open up a lot of possibilities.

Is this another point in the bucket for password managers? Harder to leak any timing related information when a browser plugin auto-fills the form...

Yes, a password manager likely negates this kind of attack. Although the timing info likely gives away that you're using the auto-fill (which isn't useful, just interesting)