Alanaktion/timing-attack.php

## timing-attack.php
<?php
$iterations = 1e4;
$valid = 'password';
$stored_hash = md5($valid);
$test = $arvg[1] ?? 'notvalid';

echo "$iterations iterations\n";

// Run tests
$v_start = microtime(true);
for ($i = 0; $i < $iterations; $i++) {
    if ($stored_hash == md5($valid)) {
        // Do nothing...
    }
}
$v_time = microtime(true) - $v_start;
echo "{$v_time} seconds for idential hashes\n";

$t_start = microtime(true);
for ($i = 0; $i < $iterations; $i++) {
    if ($stored_hash == md5($test)) {
        // Do nothing...
    }
}
$t_time = microtime(true) - $t_start;
echo "{$t_time} seconds for different hashes\n";

// Analyze results
if (abs($v_time - $t_time) < .001) {
    echo "Timing is close, test could match stored hash.\n";
} elseif ($v_time > $t_time) {
    echo "Correct hash took less time than test hash, so test is not valid.\n";
} else {
    echo "Stored hash took *longer* somehow. This happens sometimes.\n";
}
	<?php
	$iterations = 1e4;
	$valid = 'password';
	$stored_hash = md5($valid);
	$test = $arvg[1] ?? 'notvalid';

	echo "$iterations iterations\n";

	// Run tests
	$v_start = microtime(true);
	for ($i = 0; $i < $iterations; $i++) {
	if ($stored_hash == md5($valid)) {
	// Do nothing...
	}
	}
	$v_time = microtime(true) - $v_start;
	echo "{$v_time} seconds for idential hashes\n";

	$t_start = microtime(true);
	for ($i = 0; $i < $iterations; $i++) {
	if ($stored_hash == md5($test)) {
	// Do nothing...
	}
	}
	$t_time = microtime(true) - $t_start;
	echo "{$t_time} seconds for different hashes\n";

	// Analyze results
	if (abs($v_time - $t_time) < .001) {
	echo "Timing is close, test could match stored hash.\n";
	} elseif ($v_time > $t_time) {
	echo "Correct hash took less time than test hash, so test is not valid.\n";
	} else {
	echo "Stored hash took longer somehow. This happens sometimes.\n";
	}