-
This doesn't seem right.
-
Please answer these questions before submitting your issue. Thanks!
### What version of Go are you using (`go version`)?
1.7.4
### What operating system and processor architecture are you using…
-
> Marvin Attack: potential key recovery through timing sidechannels
| Details | |
| ------------------- | ---------------------------------…
-
Hi,
in it's current form the AES implementation (https://github.com/contiki-os/contiki/blob/master/core/lib/aes-128.c) appears to be vulnerable to timing attacks due to the use of data-dependent (and…
-
`kit:basic-auth` is doing variable-time string comparisons of usernames and passwords ([kit:basic-auth.js:7](https://github.com/cwaring/meteor-basic-auth/blob/59874d5b2f7e1713dcf6e6d22e2e96ff41784323/…
-
As discussed in the privacy review, timing attacks allow for profiling of the users machine.
As highlighted by @kdzwinel - This could be an increased exposure to other CPU profiling exposed via oth…
-
Userspace processes need to be protected against Spectre attacks by other such processes. While the seL4 security claim does not extend to covert channels, timing attacks are a significant threat whe…
-
Just to keep track of it, the following rules miss documentation (there is currently only a placeholder file):
- `detect-helmet-without-nocache`
- `detect-option-multiplestatements-in-mysql`
- `d…
NF997 updated
2 years ago
-
Here's a simple example of this problem:
Let's say you're writing a password checker. Your algorithm looks like:
```zig
// vulnerable function
fn checkPass(hashed_password: []const u8, guessed…
-
return digestHexCache;
}
public boolean digestEquals(byte[] otherDigest) {
return Arrays.equals(digest, otherDigest);
An attacker can guess the secret value of digest b…