serhii.net LINKS BLOG!

In the middle of the desert you can say anything you want

20 Dec 2016

A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) @ codahale.com

Categories:
  • Infosec/Cryptography
  • Infosec/Web security

Tags:
  • Web-security
  • Web-app-hacking
  • Timing-attacks
  • Cryptography
  • Attacks
  • Cyphertext

Rating: 5; Complexity: 6
Title: A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) @ codahale.com
Link: https://codahale.com/a-lesson-in-timing-attacks/

“Every time you compare two values, ask yourself: what could someone do if they knew either of these values? If the answer is at all meaningful, use a constant-time algorithm to compare them.”