Hacker Newsnew | comments | ask | jobs | submitlogin
dchest 785 days ago | link | parent

Your verification code is wrong. See http://codahale.com/a-lesson-in-timing-attacks/

Edit: I'm wrong, sorry.



tptacek 785 days ago | link

Wait, what? What's the attack you're thinking of here? How would it actually work?

-----

dchest 785 days ago | link

Hah, you're right. It's practically impossible to generate passwords in such way that they will give hashes differing by only a byte. Sorry, I see timing attacks everywhere.

-----

tptacek 785 days ago | link

Have you actually ever written an exploit for one? It'll cure you of that problem really fast.

(I'm being serious, not snarky).

-----

dchest 785 days ago | link

This is actually a very good advice, especially for people like me who have hard time visualizing how complex things work. For example, when I tried to understand what the meet-in-the-middle attack is, and couldn't, it was incredibly helpful to implement it (https://gist.github.com/1062437). Then I understood.

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: