[security] Widespread Timing Vulnerabilities in OpenID implementations
Pádraic Brady
padraic.brady at yahoo.com
Wed Jul 14 11:18:02 UTC 2010
http://codahale.com/a-lesson-in-timing-attacks/
The article makes a good case for taking even network operations seriously. It's
like brute force, except the force required should diminish over time. The
result is that a little preemptive action now may prevent a lot of pain later.
I'm not sure I'd take the side of it being a serious problem just yet, but "just
yet" doesn't mean "completely ignore". As the OP has stated, there is a clear
trend to fix this vulnerability (potential or otherwise) where possible.
P.S. Hope the Blackhat USA slides are put up somewhere ;)
Pádraic Brady
http://blog.astrumfutura.com
http://www.survivethedeepend.com
OpenID Europe Foundation Irish Representative
________________________________
From: Eric Norman <ejnorman at doit.wisc.edu>
To: openid-security at lists.openid.net
Sent: Wed, July 14, 2010 7:12:56 AM
Subject: Re: [security] Widespread Timing Vulnerabilities in OpenID
implementations