serhii.net

In the middle of the desert you can say anything you want

20 Dec 2016

A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals) @ codahale.com

https://codahale.com/a-lesson-in-timing-attacks/


Every time you compare two values, ask yourself: what could someone do if they knew either of these values? If the answer is at all meaningful, use a constant-time algorithm to compare them.”

Nel mezzo del deserto posso dire tutto quello che voglio.