Im trying to produce a timing attack in php Using php 7.1 with the following script
<?php
$find = "hello";
$length = array_combine(range(1, 10), array_fill(1, 10, 0));
for ($i = 0; $i < 1000000; $i++) {
for ($j = 1; $j <= 10; $j++) {
$testValue = str_repeat('a', $j);
$start = microtime(true);
if ($find === $testValue) {
//do Nothing
}
$end = microtime(true);
$length[$j] += $end - $start;
}
}
arsort($length);
$length = key($length);
var_dump($length . " found");
$found = '';
$alphabet = array_combine(range('a', 'z'), array_fill(1, 26, 0));
for ($len = 0; $len < $length; $len++) {
$currentIteration = $alphabet;
$filler = str_repeat('a', $length - $len - 1);
for ($i = 0; $i < 1000000; $i++) {
foreach ($currentIteration as $letter => $time) {
$testValue = $found . $letter . $filler;
$start = microtime(true);
if ($find === $testValue) {
//do Nothing
}
$end = microtime(true);
$currentIteration[$letter] += $end - $start;
}
}
arsort($currentIteration);
$found .= key($currentIteration);
}
var_dump($found);
This is searching for a word with the following constraints
a-z only up to 10 chars
the script finds the length of the word with no issue but the value of the word never comes back as expected with a timing attack.
Is there something I am doing wrong ?
The script loops though lengths, Correctly identifies the length. it then loops though each letter (a-z) and checks the speed on these, In theory 'haaaa' should be slightly slower than 'aaaaa' due to the first letter being a h, It then carries on for each of the 5 letters.
Running gives something like 'brhas' which is clearly wrong (Its different each time, but always wrong)