Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
sophacles
on Aug 13, 2009
|
parent
|
context
|
favorite
| on:
A Lesson In Timing Attacks (or, Don't use MessageD...
Not really, if this attack is doable over the internet, which will have latencies randomly[1] distributed (in a normal curve), rand does not actually do anything, well maybe require a few more sample points to get that noise out.
naz
on Aug 13, 2009
[–]
That makes sense, maybe sleep(rand(1.0 - time_spent))
naz
on Aug 13, 2009
|
parent
[–]
Or just sleep(1.0 - time_spent)
JacobK
on Aug 13, 2009
|
root
|
parent
[–]
Or just don't short circuit ever, and do the entire computation every time.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
