|
|
|
|
|
|
by TheBigRoomXXL
623 days ago
|
|
|
More generally it protects against anybody who has access to the database, including bad actors if it's leaked. I don't think it protects against timing attack because the common way of doing it is just to use sha256 and use the resulting hash to do a lookup in the database. This is not a fixed time operation |
|
|