[security] Widespread Timing Vulnerabilities in OpenID implementations
James A. Donald
jamesd at echeque.com
Thu Jul 15 10:42:09 UTC 2010
On 2010-07-15 2:45 PM, Nate Lawson wrote:
> Starting the compare at a random point is much more difficult and
> error-prone than implementing a constant-time compare function. Please
> see Taylor's original note, which included such a constant-time function.
The starting point of the compare only has to be unpredictable to the
attacker, rather than true random, so not so difficult.
More information about the security
mailing list