lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Thu, Jan 16, 2014 at 1:50 PM, Rob Kendrick <rjek@rjek.com> wrote:
[...]
> Depends on the quality of your RNG.  If you use /dev/random then you've
> just changed the attack from a timing attack on passwords to an entropy
> depletion attack.
[...]

How about turning it around, then; taking timestamps and keeping the
response time as constant as possible?


-- 
//David Olofson - Consultant, Developer, Artist, Open Source Advocate

.--- Games, examples, libraries, scripting, sound, music, graphics ---.
|   http://consulting.olofson.net          http://olofsonarcade.com   |
'---------------------------------------------------------------------'