Y
Hacker News
new
|
ask
|
show
|
jobs
by
chrismcbride
4874 days ago
The second one is a timing issue. You need to have an equality method that takes an equal amount of time on success or failure.
Heres a good read on timing attacks in general:
http://codahale.com/a-lesson-in-timing-attacks/
1 comments
vinhboy
4874 days ago
"In short, a timing attack uses statistical analysis of how long it takes your application to do something in order to learn something about the data it’s operating on" -- great read.. my mind is blown for today...
link