Re: Time Invariant String Comparison

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Time Invariant String Comparison
From: David Olofson <david@...>
Date: Thu, 16 Jan 2014 14:09:20 +0100

On Thu, Jan 16, 2014 at 1:50 PM, Rob Kendrick <[email protected]> wrote:
[...]
> Depends on the quality of your RNG.  If you use /dev/random then you've
> just changed the attack from a timing attack on passwords to an entropy
> depletion attack.
[...]

How about turning it around, then; taking timestamps and keeping the
response time as constant as possible?


-- 
//David Olofson - Consultant, Developer, Artist, Open Source Advocate

.--- Games, examples, libraries, scripting, sound, music, graphics ---.
|   http://consulting.olofson.net          http://olofsonarcade.com   |
'---------------------------------------------------------------------'

References:
- Time Invariant String Comparison, Jason A. Donenfeld
- Re: Time Invariant String Comparison, Daniel Silverstone
- Re: Time Invariant String Comparison, Elias Barrionovo
- Re: Time Invariant String Comparison, Paige DePol
- Re: Time Invariant String Comparison, Rob Kendrick

Prev by Date: Re: Time Invariant String Comparison
Next by Date: RE: Time Invariant String Comparison
Previous by thread: Re: Time Invariant String Comparison
Next by thread: RE: Time Invariant String Comparison
Index(es):
- Date
- Thread