NGIT

WHY ARE WEB-BASED ENCRYPTION SYSTEMS HIGHLY VULNERABLE TO TIME-BASED CRYPTOATTACKS?

I don't know if you've ever thought about this question, but I was amazed when I learned from a conversation with colleagues that they have serious problems with the so-called "time synchronization".

As absurd as it may sound to some, the reason for all misunderstandings lies in the lack of technical knowledge and observance of technological discipline. These two factors are the foundation on which the exploitative resilience of all cybernetic systems is built. Unfortunately, however, they are most often violated.
In this case, we have a gross violation of the requirements of standards such as ANSI and ISO 8601.

Suppose someone believes that what we are saying is "complete nonsense". In that case, it is good to carefully analyze ECMAScript and Node.js, which are used extensively in such "modern" applications (or 'apps', whatever the latter means, as such definitions are contrary to engineering science for us).

And this is where the funniest part comes in.
Since hardly anyone would spend 130 CHF (excluding VAT) to buy something useful, they are most likely to turn to Google. As a result, it is quite natural to get the following answer:

" ... If no UTC relation information is given with a time representation, the time is assumed to be in local time ..."

Here, you need to be very careful in the translation (regardless of your language skills), because this answer hides several pitfalls that you do not even suspect.

As First, it's a good idea to take a quick look at Date.parse() - JavaScript | MDN (mozilla.org). If you read carefully (and this is important), you can't help but notice the following phrase:

"If you do not specify a time zone, the local time zone is assumed."

Note that here we have a strict adherence to the requirements of the standard.

The next step is to take a look at ECMA-262 - Ecma International (ecma-international.org).
Here it is clearly written:

"The value of an absent time zone offset is «Z».".

The official MSDN documentation also clearly states:

"If you do not include a value in the Z position, UTC time is used."

But what happens?

In the distant 2011 (end of June), differences between ISO and ECMA 5.1 appeared. As a result, several web-based applications began to accumulate system errors for several hours, the reason being how the time was interpreted in the browsers used and how by the servers.
However, this can create very serious problems that are often overlooked and rarely subjected to serious discussion.

In this line of thought, how many ways of measuring time intervals do you know and how they differ from each other?

Try to learn a little more about time zones and the problems associated with them. You will learn many interesting things that you did not even suspect.

CRYPTHOR™

An Alternative Post Quantum Solution for Business.

TEST OUR NEW SOLUTIONS

• Professional file encryption manager;
• Professional file packages encryption manager;
• Professional security file briefcase manager;
• Professional file shredder and digital data sanitization manager;
• Professional file shredder and digital data sanitization manager;
• Specialized solutions for the generation and transformation of the used user passwords;
• Specialized solutions for automatic formation of session; cryptographic primitives (delta generators);
• Professional encryption process documentation;
• Professional crypto CMD manager (security script editor, SSE);
• A specialized secure text editor;
• Virtual disk management module;
• Steganography module (basic version);
• Object-relational encryption (eyless data encryption, KDE);
• Generation of session cryptographic protocols using control strings (control string encryption, CSE);
• Specialized systems for automatic verification of used hardware systems (hardware-dependent system, HDS);
• Еncryption processes оptimization;
• Processes system control оptimization, etc..

File Protect System-SE - Download and install on Windows | Microsoft Store Guaranteed protection of digital data is a primary duty of every administrative and financial agency, commercial organization, development unit, scientific institute, and military structure. File Protect System is a specialized, hybrid application for managing the life cycle of critical information....