by ericbarrett
1878 days ago
This is regarding a JWT[0] which is often used for authentication. Server-side code which takes a different amount of time depending on what bits are set in the JWT (or any similar authentication token) can be probed by repeating the operation with different values. Think of lockpicking—if you can move a pin and hear a click or feel more or less resistance, you know you've poked something critical in the core.

[0] https://jwt.io/
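The data-dependent work described in the comment above, next to a constant-time check, as an added example that is not part of the original comment. The key, the function names and the HS256 token layout are assumptions made for illustration, and the byte counter stands in for elapsed time so the difference is visible without measuring a clock.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret, not from the page

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Build an HS256 token for the demo."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(mac(signing_input))

def split(token: str):
    """Return (signing_input, presented_signature) or None if malformed."""
    try:
        head, body, sig = token.split(".")
        return head + "." + body, b64url_decode(sig)
    except ValueError:  # wrong segment count or bad base64
        return None

def verify_leaky(token: str):
    """Early-exit compare. Returns (valid, bytes_examined): the work done
    depends on how many leading signature bytes are correct."""
    parts = split(token)
    if parts is None:
        return False, 0
    expected, presented = mac(parts[0]), parts[1]
    if len(expected) != len(presented):
        return False, 0
    for i, (x, y) in enumerate(zip(expected, presented)):
        if x != y:
            return False, i + 1
    return True, len(expected)

def verify_hardened(token: str) -> bool:
    """Constant-time compare: no early exit on the first wrong byte."""
    parts = split(token)
    return parts is not None and hmac.compare_digest(mac(parts[0]), parts[1])

def corrupt_after(token: str, keep: int) -> str:
    """Demo helper: keep `keep` correct signature bytes, flip the rest."""
    signing_input, sig = split(token)
    bad = sig[:keep] + bytes(b ^ 0xFF for b in sig[keep:])
    return signing_input + "." + b64url(bad)
```

With `verify_leaky`, rejected tokens that agree with the real signature on 0, 5 and 31 leading bytes examine 1, 6 and 32 bytes respectively; `verify_hardened` rejects all three through `hmac.compare_digest`, which does not stop at the first mismatch.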