Hacker News new | ask | show | jobs
by dasil003 2844 days ago
Requiring a timing attack and having throttling on any such endpoints raises the bar quite a bit by itself.

As to preventing timing attacks you can add a delay to give a uniform response time.
1 comments
CiPHPerCoder 2844 days ago
> As to preventing timing attacks you can add a delay to give a uniform response time.

You have to be very careful with how you implement the delay to prevent the timing signal from still propagating to the attacker.

https://blog.ircmaxell.com/2014/11/its-all-about-time.html#A...

link