-
Whenever a natural disaster or other major event happens in Turkey, the Turkish government dials their DPI clusters up to 11 to prevent people from talking about it online on social media. But instead…
-
List of timing detections to hide from:
1. `rdtsc`+`cpuid`+`rdtsc`
* The classic timing test.
2. `rdtsc`+`cpuid`+`rdtsc`+`sleep()`
* The sleep is particularly annoying because it gives tim…
-
## Description
In #2226 and #2609 a fix was discussed and made to prevent timing attacks on the basic auth logic of Gin. However, this was only partly fixed. The decision was made to use `subtle.Co…
-
De forma a deixar a rota `/api/v1/sessions` uma black box (ou seja, não ser possível saber se um usuário existe ou não através do tempo de resposta do servidor), precisamos fazer algumas alterações.
…
-
The code, as-is, simply generates an MD5 hash of the data, which is trivially forgeable by an attacker.
Because the authenticity of the session cookie is not guaranteed, the CBC encryption used by th…
-
EC_hash_to_curve1 is susceptible to timing attacks. I feel quite uncomfortable about proposing this even if this property is not relevant for some use cases. Do we know how to implement the _curve2 wi…
-
I was looking for a secure SSL implementation for Haskell (while investigating the best fix for ndmitchell/hoogle#92), and this looks like a good candidate.
However, I don't find sufficient documenta…
-
Digging the plugin.
I was wondering whether it would be possible, difficult for me to answer due to lack of full Keycloak knowledge, to have the option of having a strategy to influence the way th…
-
RTL currently exposes the following registers from [soc_ifc](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.soc_ifc_reg) to the SoC as RO:
* All `internal_*` registers and s…
-
### Before reporting an issue
- [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
### Area
l…