Pádraic Brady wrote: > http://codahale.com/a-lesson-in-timing-attacks/ > > The article makes a good case for taking even network operations seriously. > It's > like brute force, except the force required should diminish over time. The > result is that a little preemptive action now, may prevent a lot of pain > later. > I'm not sure I'd take the side of it being a serious problem just yet, but > "just > yet" doesn't mean "completely ignore". As the OP has stated, there is a clear > trend to fix this vulnerability (potential or otherwise) where possible.
Yes, I agree. BTW, that article cites our original finding in Google Keyczar back in May 2009. > P.S. Hope the Blackhat USA slides are put up somewhere ;) Yes, after the talk it will be online. -- Nate Lawson Root Labs :: www.rootlabs.com +1 (510) 595-9505 / (415) 305-5638 mobile Solving embedded security, kernel and crypto challenges _______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
