On Oct 1, 2011, at 9:24 , Ron Wilson wrote: > On Fri, Sep 30, 2011 at 2:27 PM, Dmitry Chestnykh > <dmi...@codingrobots.com> wrote: >> The attacker cannot supply hash, he supplies password. To do timing attack, >> the >> attacker have to find a such string, for which the hash has a few bytes >> changed. > > You and I seem to be talking about different use cases, There are > scenarios where both the client and server generate hashes. The client > sends its has to the server and the server compares the hashes.
This is correct, yes. -- Dmitry Chestnykh _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users