Hacker News new | comments | show | ask | jobs | submit login

Your verification code is wrong. See http://codahale.com/a-lesson-in-timing-attacks/

Edit: I'm wrong, sorry.




Wait, what? What's the attack you're thinking of here? How would it actually work?


Hah, you're right. It's practically impossible to generate passwords in such way that they will give hashes differing by only a byte. Sorry, I see timing attacks everywhere.


Have you actually ever written an exploit for one? It'll cure you of that problem really fast.

(I'm being serious, not snarky).


This is actually a very good advice, especially for people like me who have hard time visualizing how complex things work. For example, when I tried to understand what the meet-in-the-middle attack is, and couldn't, it was incredibly helpful to implement it (https://gist.github.com/1062437). Then I understood.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: