[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Time Invariant String Comparison
- From: David Olofson <david@...>
- Date: Thu, 16 Jan 2014 14:09:20 +0100
On Thu, Jan 16, 2014 at 1:50 PM, Rob Kendrick <rjek@rjek.com> wrote:
[...]
> Depends on the quality of your RNG. If you use /dev/random then you've
> just changed the attack from a timing attack on passwords to an entropy
> depletion attack.
[...]
How about turning it around, then; taking timestamps and keeping the
response time as constant as possible?
--
//David Olofson - Consultant, Developer, Artist, Open Source Advocate
.--- Games, examples, libraries, scripting, sound, music, graphics ---.
| http://consulting.olofson.net http://olofsonarcade.com |
'---------------------------------------------------------------------'