
Implementing a Secure “Remember Me” (Long-Term Authentication) Feature - CiPHPerCoder
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2.1
======
ZoFreX
The timing attack described here is really interesting to me but I'm not
totally convinced it's feasible. That said, that's what a lot of people
thought about other timing attacks over networks and they turned out to be
totally feasible!

Does anyone have a second opinion on this?

