Hacker News new | past | comments | ask | show | jobs | submit login

Well, the decryption code is open source. And they have the ciphertext. So what does a timing attack give the attacker?

If keeppass removes the possible timing attack, the attacker could just add it back in and use their own client, if they have a copy of your database.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: