Y
Hacker News
new
|
ask
|
show
|
jobs
by
ad_hominem
2856 days ago
If you're just handing out the random string without signing it (or performing some other constant-time comparison when validating), you're vulnerable to timing attacks